Cisco Support Community
New Member

Client VPN from Cisco Router to Commercial VPN Provider

Hi There,

I'm new to Cisco VPN technology, so please forgive my ignorance.

I am trying to connect my Cisco router to a commercial VPN provider that supports IPSec and has given me only their server IP, user name, password and Secret.

With this information I can, for example, connect with an iPhone using the built-in Cisco IPSec VPN.

My question is: how would I set this up on a Cisco router, either using CCP or direct config?

Thanks in advance for any pointers/help

1 ACCEPTED SOLUTION

VIP Purple

Re: Client VPN from Cisco Router to Commercial VPN Provider

With the given info, it should be the following config:

crypto ipsec client ezvpn VPN
 connect auto
 group Astrill key way2stars
 mode client
 peer 1.2.3.4
 username Astrill-email password Astrill-password


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
10 REPLIES
VIP Purple

Client VPN from Cisco Router to Commercial VPN Provider

You need to configure "EasyVPN Remote" on your IOS router to connect to that service. Here are some examples:

http://www.cisco.com/en/US/docs/ios/12_2/12_2y/12_2yj8/feature/guide/ftezvp2.html#wp1148652

New Member

Client VPN from Cisco Router to Commercial VPN Provider

Hi Karsten

I have tried Easy VPN via CCP, which forces me to enter a group name although the server does not use it. The VPN fails; is this as a result of having to enter the group name or something else?

Thanks for your help.

VIP Purple

Client VPN from Cisco Router to Commercial VPN Provider

That's very likely. Which group name did you use in the iPhone client? If that worked, just use the same.

New Member

Client VPN from Cisco Router to Commercial VPN Provider

On the iPhone I was able to leave it blank, but with CCP you have to enter something??

VIP Purple

Re: Client VPN from Cisco Router to Commercial VPN Provider

Strange ... I would ask the VPN provider what the group name is and if EzVPN Remote is really compatible.


New Member

Client VPN from Cisco Router to Commercial VPN Provider

Will do that,

Thanks very much for the help.

New Member


Hi, could you share your config? 

I have configured the same but I only get this message, and it seems it doesn't even get to phase one:

CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) 

This is my config:

Building configuration...

Current configuration : 2682 bytes
!
! Last configuration change at 16:32:09 UTC Wed Jun 15 2016
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN_Test
!
boot-start-marker
boot system flash:/c880data-universalk9-mz.152-4.M7.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login vpn-client-user local
aaa authorization network vpn-client-user local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
!
!
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.99
ip dhcp excluded-address 192.168.3.200 192.168.3.255
!
ip dhcp pool INTERNAL
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881GW-GN-E-K9 sn FHK143476HA
license boot module c880-data level advsecurity
!
!
!
!
!
!
!
controller Cellular 0
!
ip tftp source-interface Vlan1
!
!
crypto isakmp policy 1
 encr aes
 group 2
!
!
crypto ipsec transform-set HW esp-aes
 mode tunnel
!
crypto ipsec profile 1
!
crypto ipsec profile HW
!
!
!
crypto ipsec client ezvpn HW-Client
 connect auto
 group ASTRILL key way2stars
 mode client
 peer 104.223.141.123
 username user@id.com password password
 xauth userid mode local
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn HW-Client
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip address 192.168.3.1 255.255.255.0
 service-module ip address 192.168.3.2 255.255.255.0
 service-module ip default-gateway 192.168.3.1
 arp timeout 0
 crypto ipsec client ezvpn HW-Client inside
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
 service-module ip address 192.168.3.2 255.255.255.0
 service-module ip default-gateway 192.168.3.1
!
interface Cellular0
 no ip address
 encapsulation ppp
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
tftp-server flash:anyconnect-win-4.1.04011-k9.pkg
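
Added example, not part of the thread or of any poster's own work: a short Python audit run over a trimmed copy of the running-config posted above, listing the settings a reviewer would question before this router faces an untrusted uplink. The function name `audit`, the check identifiers and the assumption that `!` lines separate stanzas are this example's own.

```python
import re

# IKE MODP groups with a modulus of 1536 bits or less (group -> bits).
SMALL_DH = {"1": 768, "2": 1024, "5": 1536}

# Constructed sample: trimmed copy of the configuration posted above.
SAMPLE = """\
no service password-encryption
!
crypto isakmp policy 1
 encr aes
 group 2
!
crypto ipsec client ezvpn HW-Client
 connect auto
 group ASTRILL key way2stars
 mode client
 peer 104.223.141.123
 username user@id.com password password
 xauth userid mode local
!
ip http server
ip http authentication local
no ip http secure-server
"""

def audit(config):
    """Return (check_id, detail) pairs for an IOS running-config string."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    top, found, header = set(lines), [], None
    if "no service password-encryption" in top:
        found.append(("cleartext-secrets", "plain-text keys and passwords are not obscured"))
    if "ip http server" in top and "ip http secure-server" not in top:
        found.append(("http-mgmt", "web management is served without TLS"))
    for line in lines:
        if line == "!":                      # '!' closes a stanza
            header = None
        elif header is None:                 # first line of a stanza names it
            header = line
        elif header.startswith("crypto isakmp policy"):
            m = re.fullmatch(r"group (\d+)", line)
            if m and m.group(1) in SMALL_DH:
                found.append(("small-dh", f"{header}: {SMALL_DH[m.group(1)]}-bit MODP group"))
        elif header.startswith("crypto ipsec client ezvpn"):
            if re.fullmatch(r"group \S+ key \S+", line):
                found.append(("stored-group-key", header.split()[-1]))
            elif re.fullmatch(r"username \S+ password \S+", line):
                found.append(("stored-xauth-password", header.split()[-1]))
    return found

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:22} {detail}")
```

Lines are stripped before matching, so the audit gives the same result on a paste that has lost its indentation.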

New Member

Re: Hi, any Joy getting this working.

Hi,

I just wondered if you ever got this working. I'm trying to use a Cisco 1921 with an IOS c1900-universalk9-mz.SPA.154-3.M5.bin to set up a connection to a commercial VPN provider, either Nord, Private Internet Access or IPVanish. I'm struggling to find anything that could help, and my knowledge of VPNs is a bit scarce to say the least. Basically I'm trying to use a Cisco router on my home network to encrypt all of my traffic from my LAN. I can use the provider's client software but I'd like to do the encryption at router level.

Any pointers would be much appreciated.

Steve

New Member

Client VPN from Cisco Router to Commercial VPN Provider

Hi Again,

I mailed their support and got the following reply:

2. Cisco IPSec (compatible with iPhone/iPad/Macintosh)
This VPN uses XAuth with PSK. For XAuth use your Astrill email and password. PSK (Preshared secret) is "way2stars". If IPSec group is required, leave this blank or put "Astrill". Exchange mode is (aggressive, main). IKE fragmentation is enabled. I'm sending below relevant configuration parameters for 1st and 2nd phase:
- First phase: Encryption: AES, Hash algorithm: SHA1; DH Group: 2; XAuth authentication;
- Second phase: pfs_group 2; encryption_algorithm aes; authentication_algorithm hmac_sha1; compression_algorithm deflate;

How would I edit my Easy VPN Remote to reflect those settings? I have tried a few things through CCP but with no success.
