Beginner

iPhone vpn client stopped working

I have a 5510 ASA and we have been using the Cisco VPN client on the iPhone 3G for 2 years.  Two weeks ago we had a consultant set up a site to site VPN failover on our ASAs.  That day the iPhone VPN client stopped working on all of the iPhones.  The VPN client on the computers works fine.  When I try to log in with the iPhone these are the errors I get from the log in the ASDM.

5 Apr 20 2011 20:09:02 713119     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, PHASE 1 COMPLETED

5 Apr 20 2011 20:09:02 713904     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, All IPSec SA proposals found unacceptable!

3 Apr 20 2011 20:09:02 713902     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, QM FSM error (P2 struct &0xac4459d8, mess id 0xd809f748)!

3 Apr 20 2011 20:09:02 713902     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, Removing peer from correlator table failed, no match!

5 Apr 20 2011 20:09:02 713259     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, Session is being torn down. Reason: Phase 2 Mismatch

4 Apr 20 2011 20:09:02 113019     Group = rgrayvpn, Username = jtenny, IP = 166.137.140.21, Session disconnected. Session Type: IKE, Duration: 0h:00m:19s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

I have attached the ASA configs from before he made changes and after he made changes.

I hope someone can help me.  I am not very experienced with the ASA (which is why I hired a consultant).  I need step by step instructions.

Rising star

Re: iPhone vpn client stopped working

I saw your previous configuration had some lan-to-lan vpn as well. Are they still working or not?

He configured a new crypto map and applied it to the outside interface.

In your old crypto map configuration, you have both lan-2-lan and remote access vpn.

But in his new configuration, he just uses one dynamic map without the previous lan-2-lan configuration.

But if you would like a quick fix for iPhone, you can just do the following,

no crypto map dyn-map interface outside

crypto dynamic-map cisco 1 set transform-set myset set1

crypto map dyn-map interface outside

Beginner

Re: iPhone vpn client stopped working

That is not going to change anything in the lan to lan or for the other VPN clients is it?

Rising star

Re: iPhone vpn client stopped working

Besides this iPhone vpn issue, did you experience any other issue after the change?

What I suggested in the previous post is to add the transform-set which was used by iPhone. So, it won't impact the other vpn client.

The first command will remove the crypto map from the outside interface; after you add the transform-set back, then you will apply the same crypto map back to the outside interface. VPN would stop working until you re-apply the crypto map to the outside interface.

Beginner

Re: iPhone vpn client stopped working

And that is all I have to put in?  No other commands for encryption or anything?

Rising star

Re: iPhone vpn client stopped working

If his configuration only broke the iPhone vpn connection, yes, that's the only thing you need.

Per the log you provided, the iPhone vpn connection was broken on phase 2; transform-set is the parameter which is negotiated in phase 2.

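An added example, not part of the original thread and not Cisco tooling: a short Python triage script that reads log lines in the ASDM layout quoted in the question and reports peers where message 713119 (Phase 1 completed) is followed by 713904 or 713259 (Phase 2 proposals rejected), which is the pattern the answer above attributes to a missing transform-set. The function names are hypothetical, and the group, usernames and addresses in the sample are constructed placeholders; it assumes one log entry per line.

```python
import re
from collections import defaultdict

# Constructed sample in the one-line layout of the entries quoted in the question
# (same message IDs; group, users and addresses are placeholders).
SAMPLE = """\
5 Apr 20 2011 20:09:02 713119     Group = examplegrp, Username = user1, IP = 192.0.2.10, PHASE 1 COMPLETED
5 Apr 20 2011 20:09:02 713904     Group = examplegrp, Username = user1, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
5 Apr 20 2011 20:09:02 713259     Group = examplegrp, Username = user1, IP = 192.0.2.10, Session is being torn down. Reason: Phase 2 Mismatch
5 Apr 20 2011 20:11:40 713119     Group = examplegrp, Username = user2, IP = 192.0.2.20, PHASE 1 COMPLETED
"""

LINE = re.compile(
    r"^(?P<sev>\d) (?P<ts>\w{3} \d{1,2} \d{4} \d\d:\d\d:\d\d) (?P<id>\d{6}) "
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[^,]+), (?P<msg>.*)$"
)

def parse(text):
    """Yield one dict per log line that matches the layout above."""
    for raw in text.splitlines():
        m = LINE.match(" ".join(raw.split()))  # collapse runs of spaces first
        if m:
            yield m.groupdict()

def phase2_mismatches(text):
    """Return (group, user, ip) peers whose Phase 1 completed but Phase 2 was rejected."""
    seen = defaultdict(set)
    for entry in parse(text):
        seen[(entry["group"], entry["user"], entry["ip"])].add(entry["id"])
    return sorted(
        peer for peer, ids in seen.items()
        if "713119" in ids and ids & {"713904", "713259"}
    )

if __name__ == "__main__":
    for group, user, ip in phase2_mismatches(SAMPLE):
        print(f"{group}/{user} from {ip}: Phase 1 OK, Phase 2 rejected; "
              "compare the transform-sets on the crypto map with what the client offers")
```
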

Beginner

Re: iPhone vpn client stopped working

Thank you very much.  It worked.
