cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
723197
Views
79
Helpful
71
Replies

VPN Client for Android

stefan.morlin
Level 1
Level 1

Hi!

We have got a couple of mobile phones with Android OS to our company.

We need a proper IPSEC VPN client to these Android phones, but cannot find any.

There are some IPSEC VPN clients on the market, but to use these you have to root the phone.

We have a ASA 5520 that works great with the Cisco AnyConnect client on Windows PC:s.

Will Cisco release a VPN client, like AnyConnect, that is compatible with Android?

Best Regards

Stefan

71 Replies 71

manny_cavalier
Level 1
Level 1

Why is it this hard to make an IPSec VPN run in an Android device, unlike in an iOS device? 

Using an ASA5510 I have a Droid Bionic connected via the PSKv1(AES,xauth,aggressive), found under Advanced IPSec VPN. Works very well.

Can you post the config for the ASA and the Bionc? I am trying the same and have had no luck at all.

Matthew,

     Below is the config for the Droid Bionic and the VPN part of the ASA5510 that works for me.

I am not an expert by any means so if anyone can provide any suggestions or point out errors it

would be most appreciated.

Hope this helps

Michael

For the Droid Bionic....

     Select Advanced IPSec VPN

     Select PSK v1(AES, xauth, aggressive)

     VPN name = (Any name you choose)

     VPN server = (IP address of your ASA5510)

     Pre Shared Key Type = Text

     Pre Shared Key = (the preshared key from the IPsec(IKEv1) Connection profile you created)

     Identity Type = ID

     Idenity = (The name of your IPsec(IKEv1) connection profile)

     Username = (a local user on your ASA5510)

     Password = (password for the local user)

Important note....

     I have been unable to connect to the VPN server using a 4G LTE signal.

To use 3G only go to...

Wireless & network settings

     Mobile networks

     Network Mode

     Select CDMA only

On the ASA5510, below are the VPN settings that worked....

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-MD5

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 40

authentication pre-share

encryption aes

hash sha

group 2

lifetime none

group-policy droid attributes

dns-server value 172.25.5.10 172.25.5.11

vpn-idle-timeout none

vpn-tunnel-protocol IPSec l2tp-ipsec

password-storage enable

split-tunnel-policy tunnelspecified

split-tunnel-network-list value droid_splitTunnelAcl

default-domain value ****.com

tunnel-group droid type remote-access

tunnel-group droid general-attributes

address-pool vpnpool

default-group-policy droid

tunnel-group droid ipsec-attributes

pre-shared-key **********

tunnel-group droid ppp-attributes

authentication ms-chap-v2

Herbert Baerten
Cisco Employee
Cisco Employee

People looking for assistance on configuring this may find the following document useful:

or on IOS:

ROBERTO TACCON
Level 4
Level 4

Finally on Android 4.x:

http://developer.android.com/sdk/android-4.0-highlights.html

Enhancements for Enterprise

VPN client API

Developers can now build or extend their own VPN solutions on the platform using a new VPN API and underlying secure credential storage. With user permission, applications can configure addresses and routing rules, process outgoing and incoming packets, and establish secure tunnels to a remote server. Enterprises can also take advantage of a standard VPN client built into the platform that provides access to L2TP and IPSec protocols.

Hello!

I have a tablet with android 2.3.1.ASA is configured L2TP over IpSEC. A computer with Vista is connect successfull. When I trying connect android it's fail. Debug on ASA no messages. Why?

The tablet and computer are connected through single provider through wi-fi. It may be necessary to make any additional configuration on ASA.

crypto ikev1 policy 2

authentication rsa-sig

encryption aes

hash sha

group 5

lifetime 86400

crypto ikev1 policy 3

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto ikev1 policy 4

authentication rsa-sig

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 5

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport

crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

group-policy IT-Security_GP internal

group-policy IT-Security_GP attributes

banner value Welcome to IT-Security Profile

wins-server value 10.200.4.63 10.200.4.73

dns-server value 10.200.4.82 10.200.4.97

vpn-tunnel-protocol ikev1 l2tp-ipsec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value INSIDE_NETWORK

default-domain value xxxxx

tunnel-group IT-Security type remote-access

tunnel-group IT-Security general-attributes

address-pool Adress_Pool_For_RAVPN_Clients

default-group-policy IT-Security_GP

tunnel-group IT-Security ipsec-attributes

ikev1 trust-point PES_EJBCA_CA_VPN

ikev1 radius-sdi-xauth

tunnel-group IT-Security ppp-attributes

authentication ms-chap-v2

ASA-FWL# show version

Cisco Adaptive Security Appliance Software Version 8.4(2)

Device Manager Version 6.4(5)206

Thanks!

ttsaon123
Level 1
Level 1

Open the menu and choose Settings

Select Wireless and Network or Wireless Controls, depending on your version of Android

Select VPN Settings

Select Add VPN

Select Add L2TP/IPsec PSK VPN

Select VPN Name and enter a descriptive name

Select Set VPN Server and enter a server hostname:

Select Set IPSec pre-shared key and enter "VPNReactor"

Uncheck Enable L2TP secret

Open the menu and choose Save

check android vpn set up

wjdrennen
Level 1
Level 1

Hey everyone I've been driving myself crazy trying to find an answer to this by myself so I was wondering if anyone knew if they are working on an android app for earlier versions of android? I'm currently running 2.3.4, and it is not Samsung. Any info would be great as the ONLY way to connect to the wifi at my college is Cisco AnyConnect... smh

Atanas G
Level 1
Level 1

Compatible with Fritzbox, Cisco PIX/ASA, Fortigate VPN Servers and others

https://play.google.com/store/apps/details?id=com.gmail.mjm4456.vpncilla&hl=en

madonnadonn81
Level 1
Level 1

Yes you can get WaselPro VPN service on your Android phones http://www.vpnfaqs.com/2014/11/how-to-setup-vpn-android/. Using OpenVPN and L2TP protocols on more than one device at the same time using the same private VPN account.