
IPhone VPN Connection Problems

kristian_d
Level 1

OK, I am starting to think this is me and my distinct lack of understanding of how the Cisco VPN works. As I already have a post on here about not being able to connect an Android device to my firewall, I am now struggling to get an iPhone 3GS iOS v4.3 (8F190) connected to the VPN either.

I have checked the Network (client) Access settings on the firewall and confirmed the group names I'm after, including the protocols it supports. L2TP is disabled, so it looks like I can only connect via IPsec.

So I fill out the required details in the iPhone but keep getting a message back from the phone:

"The VPN Shared Secret is incorrect"

Now I'm sure I have this right, as I use the same details on my laptop, which connects to the VPN perfectly fine. But I am starting to bang my head against the wall; no matter what I try and do, I cannot seem to get either device to connect to the firewall.

I have a pair of ASA 5520 boxes running Cisco software 8.2.

Any help or suggestions would be appreciated. Please be aware I did not set this firewall up; it's inherited, so I'm still getting to grips with it.

Kris

4 Replies

Marcin Latosiewicz
Cisco Employee

Kris,

Slow down. One thing at a time.

How did you configure the phone and what did you configure on the ASA?

I've been testing AnyConnect from iOS devices for the last few days with some success and little problem.

Marcin

Hi Marcin,

Thanks for the reply. I have tried both L2TP and IPsec options on the phone using the built-in VPN software in the Settings > Network option.

I have filled out the details as requested: server name, username, password, secret,

but keep getting the same message back about the VPN secret being incorrect.

With the L2TP option I get a timeout saying the server did not respond. I am guessing this is due to me only just enabling L2TP on the VPN connection, so there are no rules set up to allow the traffic in and out.

If I leave the group name blank it takes a lot longer to respond, and at that point I get the following message:

Negotiation with the VPN Server failed.

Kris,

ASA will only do L2TP over IPsec, or IPsec. It will not do pure L2TP.

Now it's hard for me to say what you should configure, but in general the IPsec client on my Mac works - I have not tested it on iPod/iPad but I know recently (at least in Lion there were some .. funky ... changes).

Anyway I guess you have already seen this config:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_l2tp_ipsec.html#wp1118572

I'm just curious what you tried in pure IPsec mode and what your configuration is ;-)

Bad comes to worse - you will need to enable debugging on the ASA to see what the iPod/iPad/iPhone is sending.

Marcin

kristian_d
Level 1

I managed to resolve this problem. I was misreading the shared secret and group names; after trying again and double-checking everything, it's working fine.