Wondering if anyone can point me in the right direction with this, as I am not skilled with VPNs. I need to connect a software VPN client (Shrew Soft VPN, as it supports main mode) to a Cisco IOS router. The Cisco IPsec client can only connect with main mode using digital certificates, and I don't want to venture there yet.
Everything works fine when the client uses aggressive mode; when aggressive mode is disabled on the router, I cannot connect.
Basic VPN config I am using:
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ******* address xxx.xxx.xxx.xxx no-xauth
crypto isakmp key ******* address xxx.xxx.xxx.xxx no-xauth
!
crypto isakmp client configuration group CMPNAME
 key *********
 dns 8.8.4.4
 domain home.com
 pool vpn-pool24
 acl 110
!
!
crypto ipsec transform-set REF1 esp-3des esp-md5-hmac
 mode tunnel
crypto ipsec transform-set REF2 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
!
crypto ipsec profile VPN-Profile
 set transform-set REF1
!
!
!
crypto dynamic-map D-Map1 10
 set transform-set REF2
!
!
crypto map MAP1 client authentication list userauthen
crypto map MAP1 isakmp authorization list groupauthor
crypto map MAP1 client configuration address respond
crypto map MAP1 10 ipsec-isakmp dynamic dynmap