09-20-2011 08:55 AM
OK, I am starting to think this is me and my distinct lack of understanding of how the Cisco VPN works. I already have a post on here about not being able to connect an Android device to my firewall, and I am now struggling to get an iPhone 3GS, iOS v4.3 (8F190), connected to the VPN either.
I have checked the Network (Client) Access settings on the firewall and confirmed the group names I'm after, including the protocols it supports. L2TP is disabled, so it looks like I can only connect via IPsec.
So I fill out the required details on the iPhone but keep getting a message back from the phone:
"The VPN Shared Secret is incorrect"
Now I'm sure I have this right, as I use the same details on my laptop, which connects to the VPN perfectly fine. But I am starting to bang my head against the wall; no matter what I try, I cannot seem to get either device to connect to the firewall.
I have a pair of ASA 5520 boxes running Cisco software 8.2.
Any help or suggestions would be appreciated. Please be aware I did not set this firewall up; it's inherited, so I'm still getting to grips with it.
Kris
09-20-2011 09:14 AM
Kris,
Slow down. One thing at a time.
How did you configure the phone and what did you configure on the ASA?
I've been testing AnyConnect from iOS devices for the last few days with some success and little problem.
Marcin
09-20-2011 09:37 AM
Hi Marcin,
Thanks for the reply. I have tried both the L2TP and IPsec options on the phone using the built-in VPN software in the Settings > Network option.
I have filled out the details as requested (server name, username, password, secret)
but keep getting the same message back about the VPN secret being incorrect.
With the L2TP option I get a timeout saying the server did not respond. I am guessing this is due to me only just enabling L2TP on the VPN connection, so there are no rules set up to allow the traffic in and out.
If I leave the group name blank it takes a lot longer to respond, and at that point I get the following message:
Negotiation with the VPN Server failed.
09-21-2011 02:56 AM
Kris,
ASA will only do L2TP over IPsec, or IPsec. It will not do pure L2TP.
Now it's hard for me to say what you should configure, but in general the IPsec client on my Mac works - I have not tested it on iPod/iPad but I know recently (at least in Lion) there were some .. funky ... changes.
Anyway I guess you have already seen this config:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_l2tp_ipsec.html#wp1118572
I'm just curious what you tried in pure IPsec mode and what your configuration is ;-)
Bad comes to worse - you will need to enable debugging on the ASA to see what the iPod/iPad/iPhone is sending.
Marcin
01-18-2012 09:32 AM
I managed to resolve this problem. I was misreading the shared secret and group names; after trying again and double-checking everything, it's working fine.