iPAD VPN not passing traffic

fermendo · ‎01-04-2011

Hello all,

I'm trying to connect from iPAD (iphone OS 4.2.1) to an ASA 5520 (8.0.4) using the embeded IPSEC client. The tunnel goes up correctly using pre-shared key, xauth with RSA. The tunnel is set up to not use split tunneling.

Once the iPAD is connected, there is no communication with internal network. With show crypto ipsec sa, I do see packets being decrypted and encrypted in the ASA. Also, with a packet capture I can confirm that unencrypted traffic goes from ASA to internal server and from internal server to ASA correctly. Traffic that I have tried with includes ICMP, Telnet, http, dns. NAT-T is enabled on ASA.

If I try the connection from a Windows XP maching on the same wireless access it works fine, I can access internal network correctly.

Is there a way to view some logs on the iPAD vpn client? The only thing I can see, is that the default gateway is not changed as in a windows machine.

Also, is there a known problem? Perhaps I must use an encryption method specifically?

Thanks a lot!!!

Fernando

Gustavo Medina · ‎01-07-2011

Fernando,

I've seen some issues like this, but this is a client issue on the i* devices - they just don't send the packets to the VPN endpoint
when using 'tunnel all' or even'exclude specified' policies.  split tunneling works fine though. 

Looks like the i* devices don't know how to handle the default route that the Cisco device is pushing, You would need to get a hold
of Apple for this.

From what I have seen they always work when using split-tunnel but there are different issues when using another tunnelling policy.
There are some cases opened with Apple for this I think...

Regards,

fermendo · ‎01-11-2011

Hello Jose,

Thanks for your response. Let me test with split-tunneling and see what happens, I'll post the results.

Regards,