
Help to setup Cisco 1811 VPN with win7 client and PSK

Status
Not open for further replies.

BradMajors

Technical User
Oct 14, 2010
2
CA
Hi,

I have inherited responsibilities for managing the network in our small office. One of the first things I have been tasked with is to get a VPN set up on an unused CISCO 1811. I have no CISCO experience and very little knowledge of networking so I'm looking for help to set this up.
I was able to get to the point of starting CISCO SDM but it seems to hang when I try using the VPN wizard so I'm hoping for a list of CLI commands I can manually enter to get this working. The client used to connect will be the Microsoft supplied version that is part of win 7. The VPN is supposed to have Preshared keys for security.

We have a T1 line and the public facing IP address will be 66.26.144.50, the gateway is 66.26.144.49 and the netmask is 255.255.255.252. There is already an internal network 192.168.1.0 (255.255.255.0) that we want the VPN to be able to access. A coworker thought the VPN should be on its own Vlan (not really sure what that is exactly) and there should be "routing" set up on the 1811 between the existing 192.168.1.0 network and the CISCO 1811 Vlan.

Any help would be most appreciated.
 
Here is the config I've tried to get this working; it has been copied from other posts and modified to suit my network.

I get this error on the Cisco router with the Shrew client:

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer

With the Win7 client:

IKE Dispatcher: IKEv2 version 2 detected, Dropping packet!

Thanks!


Router#show run
Building configuration...

Current configuration : 4011 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password xxxxxxx
!
aaa new-model
!
!
aaa authentication login LOCAL_DB local
aaa authorization network local_authentication local
!
!
aaa session-id common
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1409926838
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1409926838
revocation-check none
rsakeypair TP-self-signed-1409926838
!
!
crypto pki certificate chain TP-self-signed-1409926838
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343039 39323638 3338301E 170D3130 31313136 31383037
32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34303939
32363833 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CAC0 4FE2CE2F DD7586BC 1752A7DA 1F74EF52 1D460F91 3BA719C1 3728FC81
565B7B71 D8A296E4 96ECB276 FF31F883 807C958C DA30D465 B5AE2B95 33F42422
6B8161F9 C3C8CC1E F5504220 1B0D09C4 7E7B58FC F95339E3 FBF82C33 C714676E
5C58AEC5 6637226C 2ADAA287 D16FE160 75399EFC 009C0B4C 66B40C52 B4B08614
6E9B0203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 C589CA4E
19294417 5166D930 62CE56F7 45BC39B0 301D0603 551D0E04 160414C5 89CA4E19
29441751 66D93062 CE56F745 BC39B030 0D06092A 864886F7 0D010104 05000381
81001E01 40CFA2A6 8D942AF4 3B08B039 C99CBEAC 6A1CA1FA 92EC43AE CD41EE5E
6DF25239 97218676 881244DA EB9A7C55 8D764E78 741CEFA3 40D79FCD FCEB7E38
D1A55B3F 3013F3A1 CE35584F D51E7BCA 89360468 673DFD92 8EECCE39 F99B203C
A0E5FCFE 1564DD47 F7047ED1 28BB74E1 347CA428 425182C0 071AFB94 0B004221 BE57
quit
!
!
username Guest password 0 OurGuest
username User password 0 OurUser
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group HOME
key MyPreShareKey
dns 66.165.0.2
pool SDM_POOL_1
!
!
crypto ipsec transform-set MOD_SET esp-3des esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map CLIENT_MAP 1
set transform-set MOD_SET
reverse-route
!
!
crypto map TEST_VPN client authentication list LOCAL_DB
crypto map TEST_VPN isakmp authorization list local_authentication
crypto map TEST_VPN client configuration address respond
crypto map TEST_VPN 100 ipsec-isakmp dynamic CLIENT_MAP
!
!
!
!
interface FastEthernet0
ip address 66.26.144.50 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
crypto map TEST_VPN
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 192.168.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
no ip address
shutdown
!
interface Async1
no ip address
encapsulation slip
!
router rip
version 2
passive-interface FastEthernet0
network 66.0.0.0
no auto-summary
!
ip local pool SDM_POOL_1 192.168.5.100 192.168.5.119
ip route 0.0.0.0 0.0.0.0 66.26.144.49
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP interface FastEthernet0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
!
!
!
route-map SDM_RMAP permit 1
match ip address 101
!
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
!
end
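
Added example, not part of the original post and not Cisco tooling: a small Python check over a running-config like the one above, flagging settings visible in it that affect the VPN or weaken the router (cleartext passwords, 3DES and DH group 2, NAT traversal disabled, HTTP management, and a crypto map bound to an interface that has no IP address). The finding names and the `audit` and `interface_blocks` functions are hypothetical; the sample lines are copied from the posted config.

```python
import re

# Constructed sample: a subset of lines copied from the running-config above.
SAMPLE = """\
no service password-encryption
enable password xxxxxxx
username Guest password 0 OurGuest
crypto isakmp policy 1
encr 3des
group 2
!
no crypto ipsec nat-transparency udp-encaps
interface FastEthernet0
ip address 66.26.144.50 255.255.255.252
!
interface FastEthernet1
no ip address
crypto map TEST_VPN
!
ip http server
"""

def interface_blocks(config):
    """Map interface name -> its sub-commands; relies on the '!' separators
    that 'show run' prints, so unindented pasted configs still parse."""
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return sorted finding IDs (hypothetical names) for a running-config."""
    lines = [l.strip() for l in config.splitlines()]
    rules = {
        "PLAINTEXT_PASSWORDS": r"(no service password-encryption$|username \S+ password 0 )",
        "ENABLE_PASSWORD_NOT_SECRET": r"enable password ",
        "LEGACY_CIPHER": r"encr(yption)? (3des|des)$",
        "WEAK_DH_GROUP": r"group [125]$",
        "NAT_T_DISABLED": r"no crypto ipsec nat-transparency udp-encaps$",
        "HTTP_MGMT_CLEARTEXT": r"ip http server$",
    }
    findings = {n for n, p in rules.items() if any(re.match(p, l) for l in lines)}
    # A crypto map only takes effect on the interface that receives the IPsec traffic.
    for ifname, cmds in interface_blocks(config).items():
        if "no ip address" in cmds and any(c.startswith("crypto map ") for c in cmds):
            findings.add("CRYPTO_MAP_ON_UNADDRESSED_IF:" + ifname)
    return sorted(findings)
```

On the sample, the interface finding names FastEthernet1: the crypto map is attached there while the public address 66.26.144.50 sits on FastEthernet0.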
 