Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

UC520 VPN

Hello,

We just got a UC520 for our small office. I am trying to set up a VPN (which is totally new for me). The VPN should be used from home on a pc with Cisco VPN client installed and should connect to the UC520 in the office and and get an ip address in the data VLAN.

I found an example config in a white paper and tried it but i keep getting the same error message when i try to connect:

UC520#

001708: Feb 10 03:42:06.484: ISAKMP:(0):Support for IKE Fragmentation not enabled

001709: Feb 10 03:42:06.484: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.10.23

I have attached my config. Could someone please help?

Justin

7 REPLIES

Re: UC520 VPN

Go ahead and enter this command on your router:

crypto isakmp fragmentation

Try your connection again.

New Member

Re: UC520 VPN

Thanks for the quick response. I will give it a shot tomorrow morning. I'm home now and have no VPN access :) I'll let you know.

Justin

New Member

Re: UC520 VPN

Ok I entered the command and it seemed to solve part of my problem. Now the message reads:

002094: Feb 10 20:57:41.867: ISAKMP:(0): MM Fragmentation supported

002095: Feb 10 20:57:41.871: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.10.23

Anything else I can try?

I have also attached a debug crypto isakmp output.

Please let me know.

Re: UC520 VPN

Are we sure we have the correct groupname and password on your vpn client profile? Go ahead and enable the vpn client log on the GUI and set all levels to 3, then try to connect and capture the logs.

New Member

Re: UC520 VPN

Hello,

The vpn client log is attached. I verified the groupname and password. They seem ok.

Re: UC520 VPN

Well the log from the client shows the router does not respond, which leads me back to asking, the only static router seen on this router is one to a service engine, I know this router is getting ip address via dhcp, can you get the show ip route from the router and see if you have a default gateway?

New Member

Re: UC520 VPN

Hello,

Thanks for sticking with me on this.

It seems that I have a default gateway.

Would you mind checking the attachment (i'm not much of a router guy).

In the attach you will also find the access list which could be a suspect.

Thanks again,

Justin

363
Views
3
Helpful
7
Replies