Question : setup basic ipsec vpn for windows on cisco sa520

I have set up numerous PPTP VPNs, but I have never set up an IPsec VPN. I have a Cisco SA520 that I can use the Cisco QuickVPN client for, but I want to set it up so I can use the Windows VPN wizard to connect to the Cisco.

I found this nice tutorial on connecting to an IPsec VPN through Windows:

But I must have something wrong on the Cisco side because the Windows VPN connection never completes; it just looks and looks for a connection. Any help?

Answer : setup basic ipsec vpn for windows on cisco sa520

The directions you have listed above deal with a PPTP or L2TP VPN connection.

What you need is IPsec, which means you need to use the MMC (Start\Run\mmc).
File, Add/Remove Snap-in.
Here you need to hit Add and then select IP Security Policies on Local Computer, then Add.
Now close until you get back to the primary MMC with the IP Security Policies on Local Computer.

Here you would need to configure the tunnels, one going out and one coming back. This is how you define the routing rule, i.e. a packet destined to the LAN IP of the remote host will travel via this tunnel while the response will flow back. One thing to take into account with IPsec is that you have to have different LAN IP segments at each end, or the issue gets a bit more complicated in the setup/configuration of the Cisco router,
i.e. the LAN behind the Cisco cannot use the same segment as the LAN of the computer from which the VPN connection will be attempted. Overlaps are also not permitted:
Cisco LAN:

Computer LAN: or any segment variation thereof:

The issue is that the packet will seemingly have two options, one being that it is a local IP, which takes preference over any other routing rule (send through tunnel).

The below is an example of configuring IPsec. You can use this example, but you would need to make sure that the IPsec policy settings you enter match your Cisco configuration.

If you have questions related to the setup, you would need to post the IPsec VPN policy you have on the Cisco and what you've configured on the workstation.
Note: do not include preshared keys or public IP addresses. The assumption will be that you typed in the correct preshared key or you are using a certificate.

Some good reading if you want to increase your understanding of IPSEC
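
As an added example (not part of the original answer or of any Cisco or Microsoft tooling), this Python sketch checks the addressing constraint the answer describes: it classifies how the client's LAN relates to the LAN behind the gateway and shows which destinations a local match would keep out of the tunnel. All addresses are constructed sample values, the function names are hypothetical, and it assumes IPv4 with the local-match-first behaviour the answer states.

```python
import ipaddress

def _net(cidr):
    # strict=False lets a host address such as 192.168.1.37/24 stand for its network
    return ipaddress.ip_network(cidr, strict=False)

def classify(client_lan, remote_lan):
    """Describe how the client's LAN relates to the LAN behind the VPN gateway."""
    c, r = _net(client_lan), _net(remote_lan)
    if c == r:
        return "identical"
    if c.subnet_of(r):
        return "client-inside-remote"
    if r.subnet_of(c):
        return "remote-inside-client"
    return "distinct"

def next_hop(dest, client_lan, remote_lan):
    """Model the answer's point: a local (on-link) match wins over the tunnel rule."""
    d = ipaddress.ip_address(dest)
    if d in _net(client_lan):
        return "local-lan"
    if d in _net(remote_lan):
        return "tunnel"
    return "default-route"

def shadowed_addresses(client_lan, remote_lan):
    """Count remote-LAN addresses the client treats as local and never tunnels."""
    c, r = _net(client_lan), _net(remote_lan)
    if not c.overlaps(r):
        return 0
    # Two CIDR blocks overlap only when one contains the other,
    # so the overlap is exactly the smaller block.
    return min(c.num_addresses, r.num_addresses)

if __name__ == "__main__":
    remote = "192.168.1.0/24"           # constructed: LAN behind the gateway
    server = "192.168.1.200"            # constructed: host behind the gateway
    for client in ("192.168.1.37/24",   # same segment at both ends
                   "192.168.1.128/25",  # client segment nested in remote LAN
                   "192.168.0.0/16",    # remote LAN nested in client segment
                   "10.20.30.5/24"):    # distinct segments: the working case
        print(f"{client:18} {classify(client, remote):22} "
              f"shadowed={shadowed_addresses(client, remote):3} "
              f"{server} -> {next_hop(server, client, remote)}")
```

Only the distinct-segment case sends the sample host through the tunnel; every overlapping case reports it as `local-lan`.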