Cisco 871: IPsec Remote VPN

Question

After having followed several tutorials and none of them worked for me, someone might help me here.

I have a Cisco 871 router, version 12.4(4)T7.

Currently, I have it configured as a PPTP VPN server. But as I want a bit more security, I'd like to use it as a IPsec VPN server.

The article on https://serverfault.com/a/115862 helped me pretty much, except that the command

crypto ipsec transform-set ESP-AES-128-SHA-LZS esp-aes esp-sha-hmac comp-lzs

returns the error message:

"Transform comp-lzs  is not supported with the current hardware configuration."

I tried to finish config without lzs compression, but the connection fails on Linux Mint 15 (vpnc-client). As I didn't find any log, I cannot provide more information about the reason.

Was anybody successful at this?

Hi-this is a device configuration question so is off topic here. — Rory Alsop, Jun 10 '13 at 07:36
Seems like it would be a good question for http://networkengineering.stackexchange.com/ — Paul Gear, Jun 15 '13 at 09:06

score 1 · Answer 1 · answered Jun 15 '13 at 15:12

1

Could you start your vpnc client with --debug 3 or --debug 99 to put vpnc in Verbose mode so we have a bit more informations ?

Could you post your complete config ? Are you sure you removed reference to LZS everywhere in your config ?

answered Jun 15 '13 at 15:12

Yannovitch

309
1
8

score 0 · Answer 2 · edited Apr 13 '17 at 12:14

0

I just stepped through MikeyB's config from Simple road warrior IPv4 VPN configuration in Cisco IOS on IOS 15.2(4)XB10 on an 1841 and the syntax was accepted fine. The configuration in that post was from c2600-ik9o3s3-mz.123-26.bin, so maybe either your version of IOS is too early in the 12.4T train to support compression, or it isn't supported on your hardware. The error message would tend to indicate the latter. :-)

edited Apr 13 '17 at 12:14

Community

1

answered Jun 17 '13 at 07:29

Paul Gear

4,367
19
38

Okay will take a look at it, thanks. I already tried out many tutorials (even those who don't have the failing statement from above) and none of them worked. That's why I'm asking whether anyone was successful about this. – Atmocreations Jun 17 '13 at 10:28
The config i created is failing for me on the phase 2 negotiation with vpnc. If i get a chance i'll have a bit more of a play with it to see if i can work out why. – Paul Gear Jun 18 '13 at 23:05

Cisco 871: IPsec Remote VPN

2 Answers2