L-Plate
asked on
ASA VPN Cisco mobile issues
hello all,
we currently allow iPhone 4 devices to remote VPN connect in to our network using Cisco IPSEC VPN client. When connected, the phones connect to Cisco call manager using SIP connection and can be used to make VOIP calls on the network.
The VPN termination device is a Cisco ASA 5510 firewall and has an installed IPS module.
we have this strange issue where by the iPhone will connect to call manager 1 minute, and then won't connect again 2 minutes later if you disconnect. The VPN connection itself is fine - it always connects. it's just the connection to call manager that only works when it wants to.
i have checked the IPS logs and can't see anything being blocked by a signature or anything like that.
has anyone else had this problem?
we currently allow iPhone 4 devices to remote VPN connect in to our network using Cisco IPSEC VPN client. When connected, the phones connect to Cisco call manager using SIP connection and can be used to make VOIP calls on the network.
The VPN termination device is a Cisco ASA 5510 firewall and has an installed IPS module.
we have this strange issue where by the iPhone will connect to call manager 1 minute, and then won't connect again 2 minutes later if you disconnect. The VPN connection itself is fine - it always connects. it's just the connection to call manager that only works when it wants to.
i have checked the IPS logs and can't see anything being blocked by a signature or anything like that.
has anyone else had this problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for your reply.
IPSEC over NAT-T is enabled on the IPSEC connection profile.
the strange thing about the issue, is that sometimes the Cisco mobile app connects, and sometimes it doesn't. VPN ALWAYS connects, and you can even send a successful ping from the iphone to the call manager server, but as i said, sometimes it doesn't register in call manager.
very odd issue IMO.
I have just created a VPN remote access profile for the iphones on an alternative VPN termination device. it's actually a VPN concentrator 3000 series. all seems to be working really well through this, so i might just role with this from now on.
so it seems that using iphones on VPN with Cisco mobile app works more reliably through VPN concentrator than on ASA. That's my opinion anyway.