Random Cisco geekery, issue 5: A VPN between a Cisco EPC3925 and a FRITZ!Box 7270.

I’ve struggled quite a bit to get these two devices together, mostly because the parameters on the FRITZ!Box are not documented, so it was hard to make them match with the Cisco device. But eventually I managed it, so I’m happy to share the parameters.

Here we go.

First of all, we assume here that you are using dynamic IP addresses, in which case you need a dynamic DNS service to get it done (e.g. DynDNS, No-IP, or your own solution).

Let’s say that the location using the FRITZ!Box is using fritz.dyndns.example and the local subnet is, and the Cisco router is using cisco.dyndns.example and the local subnet is

What to do on the FRITZ!Box?

Create a file with this:

Replace all the lines with a comment at the end with what suits your situation. Once ready, open the control panel of your FRITZ!Box, go to Internet > Permit Access > VPN, and upload the file you’ve just created, then go to Import VPN Settings.

What to do on the Cisco EPC3925?

Go to Security > VPN, and create a new Tunnel with whatever name you like.

  • Local Secure Group: put your local subnet (
  • Remote Secure Group: put your remote subnet (
  • Remote Secure Gateway: the remote FQDN (fritz.dyndns.example)
  • Key Management:
    • Key Exchange Method: Auto (IKE)
    • Encryption: DES
    • Authentication: SHA1
    • PFS: Enable
    • Pre-Shared Key: your VPN password (your_shared_key)
    • Key Lifetime: 3600

Now click Save Settings, then go to Advanced Settings and set the following:

  • Phase 1:
    • Operation Mode: Aggressive
    • Local Identity: the local host name (cisco.dyndns.example)
    • Remote Identity: the remote host name (fritz.dyndns.example)
    • Encryption: 3DES
    • Authentication: MD5
    • Group: 1024-bit
    • Key Lifetime: 28800
  • Phase 2:
    • Group: 1024-bit

Save the settings, cross your fingers and your toes and click on Connect.
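Before leaving the tunnel up, it is worth knowing which of the choices above are weak by current standards. The following is an added example, not part of the original post or of either vendor's tooling: a small Python check that parses the Cisco-side settings as listed above and reports the weak ones. The `parse` and `audit` helpers and the reason strings are this example's own; the settings text is copied from the lists above.

```python
import re

# Cisco-side choices copied from the lists in this post (PFS and lifetimes omitted).
SETTINGS = """\
Key Management:
  Key Exchange Method: Auto (IKE)
  Encryption: DES
  Authentication: SHA1
  Pre-Shared Key: your_shared_key
Phase 1:
  Operation Mode: Aggressive
  Encryption: 3DES
  Authentication: MD5
  Group: 1024-bit
Phase 2:
  Group: 1024-bit
"""

# (field, value) -> reason; the wording is this example's own.
WEAK = {
    ("Encryption", "DES"): "56-bit key, within reach of brute force",
    ("Encryption", "3DES"): "64-bit block cipher, deprecated",
    ("Authentication", "MD5"): "deprecated hash",
    ("Group", "1024-bit"): "Diffie-Hellman group below current minimums",
}
AGGRESSIVE = "with a pre-shared key, exposes a key-derived hash to offline guessing"
LINE = re.compile(r"^([ \t]*)([^:\n]+):[ \t]*(.*)$", re.M)

def parse(text):
    """Return {section: {field: value}} from indented 'Field: value' lines."""
    sections, current = {}, None
    for indent, field, value in LINE.findall(text):
        if not indent and not value:  # an unindented 'Name:' opens a section
            current = sections.setdefault(field, {})
        elif current is not None:
            current[field] = value
    return sections

def audit(sections):
    """Return (section, field, value, reason) for each weak choice found."""
    out = [(s, k, v, WEAK[k, v]) for s, f in sections.items()
           for k, v in f.items() if (k, v) in WEAK]
    if any("Pre-Shared Key" in f for f in sections.values()):
        out += [(s, "Operation Mode", "Aggressive", AGGRESSIVE)
                for s, f in sections.items() if f.get("Operation Mode") == "Aggressive"]
    return out

if __name__ == "__main__":
    for finding in audit(parse(SETTINGS)):
        print("%s / %s = %s: %s" % finding)
```

If both devices offer stronger options, raise them on both ends at once, since the proposals have to match for the tunnel to come up; with aggressive mode and a pre-shared key, make the key long and random.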
