Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN connection from Android to ASA 5510

Posted on 2014-03-14
4
Medium Priority
?
1,521 Views
Last Modified: 2014-03-25
I have been trying to connect a Samsung Galaxy S4 with the latest Android OS 4.4.2 to an ASA 5510 using the built-in VPN client and Inside Secure VPN Client 3.0.1. I know I need a license for the AnyConnect Mobile client. I can successfully get Phase 1 to complete but then if fails on Phase 2 with an array of different errors depending on what I have modified on the profile. I have searched the web for resolutions to the errors but haven't come across an answer. The iPhones in the office can connect using the native VPN client. Has anyone had success getting this connection to work. I have searched the web and EE but no success getting the correct settings. If it will not work I will discuss purchasing the correct license. I will post a config if needed I just want to know if it is possible before spending to much more time testing the configuration.
0
Comment
Question by:PM_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 39930377
On the ASA:

debug crypto isakmp 25
debug crypto ipsec 25
term mon

Then try it and show the detail (using X.X. for the first two octets of the public IPs).
0
 
LVL 1

Author Comment

by:PM_IT
ID: 39935003
I have confirmed the PSK is accurate.

Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG-->MM_WAIT_MSG5, EV_RESEND_MSG
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE SA MM:3eff6c0b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, sending delete/delete with reason message
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing blank hash payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing IKE delete payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing qm hash payload
Mar 17 14:10:52 [IKEv1]: IP = 70.193.x.x, IKE_DECODE SENDING Message (msgid=8881b24b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
Mar 17 14:11:04 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
0
 
LVL 1

Accepted Solution

by:
PM_IT earned 0 total points
ID: 39942296
We have a SonicWALL which I was able to configure for VPN access.
0
 
LVL 1

Author Closing Comment

by:PM_IT
ID: 39952708
No points awarded since I found a work around.
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question