IPSec vpn with certificate on android

abdelkarim.yousef · ‎05-16-2016

Hi,

I configured VPN Client IPSec with sertificate (RSA) authentication on ASA 5520 8.3.

i requested certificates from MS CA by entering URL: http://serverIP/certsrv and request the certificate and install it on the client

the configuration worked fine on cisco vpn client installed on a computer, but when i establish the VPN on android device (IPSec Xauth RSA) on version 4.4.2 it gives me the following error:

IKEv1: received encrypted Oakley Informational packet with invalid payloads

Can you help me

Philip D'Ath · ‎05-16-2016

I would upgrade the ASA 5520 to asa847-30-k8.bin first.

https://software.cisco.com/download/release.html?mdfid=279916878&catid=268438162&softwareid=280775065&release=8.2.5%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest

Have you considered using the certificate authority built into the ASA?

abdelkarim.yousef · ‎05-18-2016

I upgraded it to Cisco Adaptive Security Appliance Software Version 8.4(7)30

I still have a problem, below is what i get when i enable debug on ipsec and ca and connect from android device:

ciscoasa# CERT API thread wakes up!

CRYPTO_PKI: Cert record not found, returning E_NOT_FOUNDCERT API thread sleeps!
May 19 08:38:17 [IKEv1]Group = VPN, IP = 188.247.76.169, Received encrypted O
akley Informational packet with invalid payloads, MessID = 2318006952
May 19 08:38:20 [IKEv1]Group = VPN, IP = 188.247.76.169, Received encrypted O
akley Informational packet with invalid payloads, MessID = 3139652231
May 19 08:38:23 [IKEv1]Group = VPN, IP = 188.247.76.169, Received encrypted O
akley Informational packet with invalid payloads, MessID = 4121829780
May 19 08:38:26 [IKEv1]Group = VPN, IP = 188.247.76.169, Received encrypted O
akley Informational packet with invalid payloads, MessID = 2416921239