asa android l2tp/ipsec Session disconnected

Peter Handke
Level 1

Hi

I am trying to connect Android 2.3 to a Cisco ASA 8.2.5(13) via L2TP/IPsec with PSK. I have FreeRADIUS (with mOTP) to store passwords. Between the ASA and FreeRADIUS I use PAP authentication. I see that the connection is set up, but after 2-3 seconds the connection fails. I think that phase 1 and 2 are OK and authorization is OK, but l2tpd disconnects the session. I don't have any idea why. Thanks for any advice.

Logs from the ASA:

Dec  4 22:17:21 ASA Group = DefaultRAGroup, IP = 13.6.6.65, PHASE 2 COMPLETED (msgid=b44493a2)
Dec  4 22:17:22 ASA AAA user authentication Successful : server =  10.62.1.10 : user = tom3
Dec  4 22:17:22 ASA AAA group policy for user tom3 is being set to press
Dec  4 22:17:22 ASA AAA retrieved user specific group policy (press) for user = tom3
Dec  4 22:17:22 ASA AAA retrieved default group policy (l2tp-ipsec_policy) for user = tom3
Dec  4 22:17:22 ASA AAA transaction status ACCEPT : user = tom3
Dec  4 22:17:22 ASA IPAA: Error freeing address 0.0.0.0, not found
Dec  4 22:17:22 secondASA (VPN-Secondary) Failed to update IPSec failover runtime data on the standby unit.
Dec  4 22:17:22 ASA L2TP Tunnel created, tunnel_id is 27, remote_peer_ip is 13.6.6.65
    ppp_virtual_interface_id is 1, client_dynamic_ip is 0.0.0.0
    username is tom3
Dec  4 22:17:22 ASA L2TP Tunnel deleted, tunnel_id = 27, remote_peer_ip = 13.6.6.65
Dec  4 22:17:22 ASA IPSEC: An outbound remote access SA (SPI= 0x0AC1E13C) between 13.6.6.66 and 13.6.6.65 (user= DefaultRAGroup) has been deleted.
Dec  4 22:17:22 ASA IPSEC: An inbound remote access SA (SPI= 0x1266C98E) between 13.6.6.66 and 13.6.6.65 (user= DefaultRAGroup) has been deleted.
Dec  4 22:17:22 ASA Group = DefaultRAGroup, IP = 13.6.6.65, Session is being torn down. Reason: L2TP initiated
Dec  4 22:17:22 ASA Group = DefaultRAGroup, Username = , IP = 13.6.6.65, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:02s, Bytes xmt: 730, Bytes rcv: 724, Reason: L2TP initiated

My config:

ip local pool l2tp-ipsec 12.2.2.163-12.2.2.164 mask 255.255.255.192
crypto ipsec transform-set trans esp-3des esp-md5-hmac
crypto ipsec transform-set trans mode transport
crypto dynamic-map dyn_dla_l2tp-ipsec 10 set transform-set trans
crypto map outside_map_FR 199 ipsec-isakmp dynamic dyn_dla_l2tp-ipsec
crypto map outside_map_FR interface vlan65
crypto isakmp enable vlan65
crypto isakmp policy 7
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
group-policy l2tp-ipsec_policy internal
group-policy l2tp-ipsec_policy attributes
 dns-server value 1.1.1.1
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group DefaultRAGroup general-attributes
 address-pool l2tp-ipsec
 authentication-server-group radius_no_otp
 default-group-policy l2tp-ipsec_policy
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 no authentication ms-chap-v1

Kind regards,

Peter

2 Replies

Hi Peter,

What if you try with the MS client? Do you experience the same issue?

Also, please add a couple more IP addresses to the VPN pool and test.

In addition, could you please provide the following outputs?

1. show ip local pool

2. show run vpn-addr-assign

Thanks.

Hi Javier,

I tried on Win XP and I get the same error. I changed the type of authorization in the MS client, but it had no effect.

It seems that I'm very close (P1, P2, auth seem OK), but there is something I am doing wrong.

Below is my output:

ASA# sh ip local pool l2tp-ipsec
Begin           End             Mask            Free     Held     In use
12.2.2.163      12.7.2.164      255.255.255.192     2        0        0
Available Addresses:
12.2.2.163
12.2.2.164
ASA# show run vpn-addr-assign
ASA#

Kind regards,

Peter