ASUS Transformer - Unable to establish a VPN connection.

kristian_d · ‎09-15-2011

Hi Guys,

as my profile might give away, im new here and hoping to get some help with a vpn connection problem i am getting.

I have recently purchased an ASUS Transformer TF101 with Android 3 (honeycomb), i was a little surprised to find there is no native Cisco connection within this version of Android and there also appears to be no app on the market place for this device either.

So not wanting to give up i decided to have a go with the standard VPN Client that Android offers.

Im using a set of ASA 5520 Firewalls connected together to provide a failover pair, they are using the latest Cisco software version.

However no matter what i try or change or re-configure on the android tablet i have been as yet unable to get the tablet to connect to my firewall VPN.

I know im not offering a lot of info at the moment but its just due to me not knowing what you might need or might not need.

any help would really be appreciated.

Kris

Herbert Baerten · ‎09-17-2011

Hi Kris,

for starters have a look at this thread:

hth

Herbert

kristian_d · ‎09-19-2011

Hi Herbert,

thanks for the link ive had a read through it, but all i can make out is what i know already, that there is no official vpn client for android except for the galaxy.

Failing that you have to root the device in order to install an unofficial one, which i do not want to-do.

Thanks for the help though

Kris

Herbert Baerten · ‎09-20-2011

Hi Kris,

actually what I meant (sorry I didnt make this clear) is that this thread also mentions that you can configure the ASA for L2TP/IPsec, and use the Android built-in L2TP client. Look for the (multiple) messages written by Petteri Heinonen.

hth

Herbert

kristian_d · ‎09-20-2011

Hi Herbert,

Sorry this might be me as well by the looks of it, but i was under the impression that the ASA vpns were already L2TP/IPsec connections.

we use a mixture of the Anyconnect client and the standard VPN client that Cisco offer, i was under the impression that they would use this to connect with.

if not and at the risk of sounding a bit dumb whats the difference ?

michaelbilliot · ‎09-28-2011

Kris,

Herbert is correct, I was able to connect to an ASA5510 using the built in client found on a Droid Bionic. It works pretty good. As for our laptops we use the Cisco VPN client v5.0.07

Herbert Baerten · ‎09-29-2011

Hi Kris,

The ASA supports different kinds of VPN, i.e. SSL (aka SVC for Ssl Vpn Client), IPsec or L2TP/IPsec.

For IPsec it suports both IKEv1 and IKEv2 (as of version 8.4).

On the client side,

the legacy Cisco VPN client uses IPsec with IKEv1.
Anyconnect 2.x uses SSL.
Anyconnect 3.x can use either SSL or IPsec/IKEv2.

So the Cisco clients do not use L2TP, but L2TP functionality is built-in in some OS's, like Windows and Android.

Personally I have not had the opportunity yet to lay my hands on an Android device to try this out, so I hope Michael or the people in the other thread can help you out if you need more details.

As to what's different, that's a short question with a long answer

One important difference between SSL and IPsec is that at some places IPsec may not work because the network provider blocks UDP500, while SSL uses TCP443 which is usually not blocked because it's the standard port for HTTPS.

Another one is that for Anyconnect, you need a license on the ASA (it does include a free license for 2 concurrent users).

Just a few pointers:

And probably Wikipedia is a good place to start reading as well if you want the full picture

hth

Herbert

Herbert Baerten · ‎09-29-2011

Actually I just noticed there's a new doc that you will probably find useful:

cheers

Herbert