Solved

VPN connection from Android to ASA 5510

Posted on 2014-03-14
Last Modified: 2014-03-25
I have been trying to connect a Samsung Galaxy S4 with the latest Android OS 4.4.2 to an ASA 5510 using the built-in VPN client and Inside Secure VPN Client 3.0.1. I know I need a license for the AnyConnect Mobile client. I can successfully get Phase 1 to complete, but then it fails on Phase 2 with an array of different errors depending on what I have modified on the profile. I have searched the web for resolutions to the errors but haven't come across an answer. The iPhones in the office can connect using the native VPN client. Has anyone had success getting this connection to work? I have searched the web and EE but had no success getting the correct settings. If it will not work, I will discuss purchasing the correct license. I will post a config if needed; I just want to know if it is possible before spending too much more time testing the configuration.
Question by:PM_IT
LVL 28

Expert Comment

by:Jan Springer
ID: 39930377
On the ASA:

debug crypto isakmp 25
debug crypto ipsec 25
term mon

Then try it and show the detail (using X.X. for the first two octets of the public IPs).
 
LVL 1

Author Comment

by:PM_IT
ID: 39935003
I have confirmed the PSK is accurate.

Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG-->MM_WAIT_MSG5, EV_RESEND_MSG
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE SA MM:3eff6c0b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, sending delete/delete with reason message
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing blank hash payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing IKE delete payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing qm hash payload
Mar 17 14:10:52 [IKEv1]: IP = 70.193.x.x, IKE_DECODE SENDING Message (msgid=8881b24b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
Mar 17 14:11:04 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
 
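Added example, not part of the original thread: a Python triage helper for ASA IKEv1 debug lines like those posted above. It counts the pre-shared-key decrypt failures, records which tunnel-group the ASA fell back to, and lists the Main Mode states named in the FSM error history. The names `triage`, `new_peer` and the result fields are hypothetical, and the sample is abridged from the post.

```python
import re
from collections import defaultdict

# Abridged from the debug output posted above; the first line has no
# timestamp on the page, so the parser does not require one.
SAMPLE = """\
Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
"""

# "Group = ..." is optional: some lines carry only the peer IP.
LINE = re.compile(r"(?:Group = (?P<group>[^,\s]+), )?IP = (?P<ip>[\w.:]+), (?P<msg>.*)")
SWITCH = re.compile(r"Switching user to tunnel-group: (\S+)")
FSM = re.compile(r"FSM error history.*?<event>:\s+(.*)")

def new_peer():
    return {"groups": [], "psk_errors": 0, "p1_retransmits": 0,
            "no_sa_drops": 0, "fallbacks": [], "fsm_states": []}

def triage(text):
    """Summarise IKEv1 debug lines per peer IP (hypothetical helper)."""
    peers = defaultdict(new_peer)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-peer IKEv1 line
        p, msg = peers[m["ip"]], m["msg"]
        if m["group"] and m["group"] not in p["groups"]:
            p["groups"].append(m["group"])
        p["psk_errors"] += "mismatched pre-shared key" in msg
        p["p1_retransmits"] += "Duplicate Phase 1 packet detected" in msg
        p["no_sa_drops"] += "no matching SA" in msg
        if (sw := SWITCH.search(msg)):
            p["fallbacks"].append((m["group"], sw[1]))
        if (fsm := FSM.search(msg)):
            # Entries are "STATE, EVENT" joined by "-->"; keep the unique
            # states in the order the ASA printed them.
            states = [step.split(",")[0].strip() for step in fsm[1].split("-->")]
            p["fsm_states"] = list(dict.fromkeys(states))
    return dict(peers)

if __name__ == "__main__":
    for ip, summary in triage(SAMPLE).items():
        print(ip, summary)
```

For the posted output it reports two default tunnel-groups tried (DefaultRAGroup, then DefaultL2LGroup) and FSM states that are all Main Mode (`MM_*`).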
LVL 1

Accepted Solution

by:
PM_IT earned 0 total points
ID: 39942296
We have a SonicWALL which I was able to configure for VPN access.
 
LVL 1

Author Closing Comment

by:PM_IT
ID: 39952708
No points awarded since I found a work around.
