07-21-2010 02:40 PM
Hi,
I'm trying to get my ipad to VPN to our Cisco ASA5520.
I believe I have all of the settings correct on both ends (I am able to vpn to the asa using a cisco 871 as the remote client).
I suspect that for some reason the vpn client on the ipad isn't even getting to the asa. My question is: How can I monitor the ASA logs to see if the connection is even being attempted and possibly find the failure?
Thanks
M
Solved! Go to Solution.
07-21-2010 04:59 PM
try :-
debug crypto isakmp
debug crypto ipsec
sh vpn-sessiondb remote ( to see if client is connected )
I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.
hope it helps
Manish
07-21-2010 04:59 PM
try :-
debug crypto isakmp
debug crypto ipsec
sh vpn-sessiondb remote ( to see if client is connected )
I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.
hope it helps
Manish
07-23-2010 08:28 AM
What does your dynamic crypto map use for it's transform set? I ran into a similar issue where ipsec clients hw/sw could connect, but not IPad. I had to configure the dynamic map to also use 3des/md5 to make it work.
But as last person mentioned, debug for crypto isakmp and ipsec to make sure the device can reach the ASA.
07-27-2010 10:59 AM
Hi,
Finally got it to work. Thanks for the tip on how to watch debug stuf for ipsec.
I saw that the problem was no address pool was assigned to the tunnel group.
This leads to a new question but I'll post another thread.
Tanks again!
M
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide