ASA VPN Cisco mobile issues

Posted on 2011-10-20
Last Modified: 2012-05-12
Hello all,

We currently allow iPhone 4 devices to connect to our network over remote-access VPN using the Cisco IPSEC VPN client. When connected, the phones connect to Cisco Call Manager using a SIP connection and can be used to make VoIP calls on the network.

The VPN termination device is a Cisco ASA 5510 firewall and has an installed IPS module.

We have this strange issue whereby the iPhone will connect to Call Manager one minute, and then won't connect again 2 minutes later if you disconnect. The VPN connection itself is fine - it always connects. It's just the connection to Call Manager that only works when it wants to.

I have checked the IPS logs and can't see anything being blocked by a signature or anything like that.

Has anyone else had this problem?
Question by: L-Plate

Accepted Solution

VibekeH earned 2000 total points
ID: 37001544

If VPN is connecting without problems I believe you can confirm that on the group policy you have the following setting: "vpn-tunnel-protocol IPSec"

In this case it could be a NAT issue, which I was experiencing as well. Try entering this command in global configuration:
crypto isakmp nat-traversal 20

This basically enables IPSec over NAT-T with a keepalive of 20 seconds.


Author Comment

ID: 37005534
Hi VibekeH,

Thanks for your reply.

IPSEC over NAT-T is enabled on the IPSEC connection profile.

The strange thing about the issue is that sometimes the Cisco mobile app connects, and sometimes it doesn't. VPN ALWAYS connects, and you can even send a successful ping from the iPhone to the Call Manager server, but as I said, sometimes it doesn't register in Call Manager.

Very odd issue IMO.

I have just created a VPN remote access profile for the iPhones on an alternative VPN termination device. It's actually a VPN Concentrator 3000 series. All seems to be working really well through this, so I might just roll with this from now on.

So it seems that using iPhones on VPN with the Cisco mobile app works more reliably through the VPN Concentrator than on the ASA. That's my opinion anyway.
