Solved

VPN connection from Android to ASA 5510

Posted on 2014-03-14
4
1,487 Views
Last Modified: 2014-03-25
I have been trying to connect a Samsung Galaxy S4 with the latest Android OS 4.4.2 to an ASA 5510 using the built-in VPN client and Inside Secure VPN Client 3.0.1. I know I need a license for the AnyConnect Mobile client. I can successfully get Phase 1 to complete but then if fails on Phase 2 with an array of different errors depending on what I have modified on the profile. I have searched the web for resolutions to the errors but haven't come across an answer. The iPhones in the office can connect using the native VPN client. Has anyone had success getting this connection to work. I have searched the web and EE but no success getting the correct settings. If it will not work I will discuss purchasing the correct license. I will post a config if needed I just want to know if it is possible before spending to much more time testing the configuration.
0
Comment
Question by:PM_IT
  • 3
4 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39930377
On the ASA:

debug crypto isakmp 25
debug crypto ipsec 25
term mon

Then try it and show the detail (using X.X. for the first two octets of the public IPs).
0
 
LVL 1

Author Comment

by:PM_IT
ID: 39935003
I have confirmed the PSK is accurate.

Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG-->MM_WAIT_MSG5, EV_RESEND_MSG
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE SA MM:3eff6c0b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, sending delete/delete with reason message
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing blank hash payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing IKE delete payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing qm hash payload
Mar 17 14:10:52 [IKEv1]: IP = 70.193.x.x, IKE_DECODE SENDING Message (msgid=8881b24b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
Mar 17 14:11:04 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
0
 
LVL 1

Accepted Solution

by:
PM_IT earned 0 total points
ID: 39942296
We have a SonicWALL which I was able to configure for VPN access.
0
 
LVL 1

Author Closing Comment

by:PM_IT
ID: 39952708
No points awarded since I found a work around.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Often, people trade privacy and security for convenience. However in today's concrete jungle, this is an extremely foolish decision considering the vast amount of technologies being used against consumer interest. First off, I won't waste any time e…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question