Solved

VPN connection from Android to ASA 5510

Posted on 2014-03-14
4
1,511 Views
Last Modified: 2014-03-25
I have been trying to connect a Samsung Galaxy S4 with the latest Android OS 4.4.2 to an ASA 5510 using the built-in VPN client and Inside Secure VPN Client 3.0.1. I know I need a license for the AnyConnect Mobile client. I can successfully get Phase 1 to complete but then if fails on Phase 2 with an array of different errors depending on what I have modified on the profile. I have searched the web for resolutions to the errors but haven't come across an answer. The iPhones in the office can connect using the native VPN client. Has anyone had success getting this connection to work. I have searched the web and EE but no success getting the correct settings. If it will not work I will discuss purchasing the correct license. I will post a config if needed I just want to know if it is possible before spending to much more time testing the configuration.
0
Comment
Question by:PM_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 39930377
On the ASA:

debug crypto isakmp 25
debug crypto ipsec 25
term mon

Then try it and show the detail (using X.X. for the first two octets of the public IPs).
0
 
LVL 1

Author Comment

by:PM_IT
ID: 39935003
I have confirmed the PSK is accurate.

Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG-->MM_WAIT_MSG5, EV_RESEND_MSG
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE SA MM:3eff6c0b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, sending delete/delete with reason message
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing blank hash payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing IKE delete payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing qm hash payload
Mar 17 14:10:52 [IKEv1]: IP = 70.193.x.x, IKE_DECODE SENDING Message (msgid=8881b24b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
Mar 17 14:11:04 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
0
 
LVL 1

Accepted Solution

by:
PM_IT earned 0 total points
ID: 39942296
We have a SonicWALL which I was able to configure for VPN access.
0
 
LVL 1

Author Closing Comment

by:PM_IT
ID: 39952708
No points awarded since I found a work around.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use the Google Now Launcher, as an aftermarket add on, have a Samsung Note 5 and are worried about power consumption be wary of using the ultra power saving mode.  Here is what happened to me when I made the mistake of trying this out...
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question