Site2Site VPN with Ubiquiti and Cisco router

One of my customers asked me to do a site2site VPN with his home Ubiquiti router. I said “Yeah sure, we can try…” and it wasn’t very hard to accomplish this. Site2site IPsec VPN with dynamic peers to a Cisco router and parallel EasyVPN Cisco VPN users is not possible! In this case, the company is … Read more

Cisco VPN Error 27850 on Windows 10

Hello again! Today I wanted to install Cisco VPN Client on my Windows 10 machine but I always got error 27850. I found a knowledge base article saying that you need to install the DNE Update. You can find it here: If you have install problems, follow the installation guide for the registry changes. Add a … Read more

Redundant Internet access with Cisco routers

You can configure redundant internet lines with Cisco routers. For this we will use route tracking. This configuration can also be used for backing up your VPN lines. In this example we have two internet lines: The main line is 105.1.2.x and the backup line 222.1.2.x (I also bound a crypto map to it): interface Vlan2 description … Read more

Import Domain certificate from RootCA to your Cisco router

Today I will show you how to import a signed domain certificate from your own Domain Root Certification Authority. First we will generate a certificate for the Cisco router. I needed this for the WebVPN gateway to connect SSL VPN users. In my example, we will use ““. You need a working RootCA in your Windows … Read more

Cisco Site2Site VPN problem with “Fail to allocate ip address”

Today I configured a site2site VPN on a Cisco Router. The remote device was a Palo Alto. Phase 1 was working correctly but we got problems with Phase 2, the debug logs said: *Aug 15 09:13:06.899: ISAKMP:(6035):Total payload length: 12 *Aug 15 09:13:06.899: ISAKMP:(6035): sending packet to my_port 500 peer_port 500 (R) MM_KEY_EXCH *Aug 15 … Read more

Configuring internal DSL for Annex A line (like in the Netherlands)

A UK customer expanded to the Netherlands, where the local provider “Van den Bulk Telecom” delivered only a DSL line. So we need a Cisco router with a built-in modem with options for later VDSL use. Actually they provide an ADSL Annex A line. The provider gives us the following information: Line: ADSL2+ over … Read more

Router on the edge

Good morning everyone! Today I want to explain a configuration for routing internal networks with a layer 3 routing switch and a router for accessing the internet. I call it “router on the edge”. An “edge router” is typically defined as a router running EBGP (External Border Gateway Protocol), so I invented a new definition 🙂 … Read more

Site2Site VPN Tunnel with ClientVPN @ Cisco IOS

Good Morning everyone! I want to describe several VPN configurations on a Cisco router, ASA firewall and Sophos UTM. I will start with Cisco IOS on a Cisco router. In this example you will learn to configure a site2site VPN tunnel with a coincident client VPN access. First we will configure the basic IPsec VPN settings. … Read more

Configuring a fallback for default-route on a Cisco router

This was a wish from one of my customers, and I invested a lot of time to connect the site2site VPN on both WAN uplinks with EIGRP metric and so on… but there is another simple way to configure an automatic default-route fallback which solves all our problems in case the primary WAN links … Read more

Quality of Service within a VPN tunnel over Dialer-Interface

Today I will show you how to configure QoS for outgoing SIP VoIP traffic that goes through a VPN tunnel / crypto-map. To solve this we need to create class-maps for all IP traffic and for our SIP traffic and bind them to the crypto map and the outgoing interface because VPN traffic is encapsulated … Read more