Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

VPN connection from Android to ASA 5510

Posted on 2014-03-14
4
1,480 Views
Last Modified: 2014-03-25
I have been trying to connect a Samsung Galaxy S4 with the latest Android OS 4.4.2 to an ASA 5510 using the built-in VPN client and Inside Secure VPN Client 3.0.1. I know I need a license for the AnyConnect Mobile client. I can successfully get Phase 1 to complete but then if fails on Phase 2 with an array of different errors depending on what I have modified on the profile. I have searched the web for resolutions to the errors but haven't come across an answer. The iPhones in the office can connect using the native VPN client. Has anyone had success getting this connection to work. I have searched the web and EE but no success getting the correct settings. If it will not work I will discuss purchasing the correct license. I will post a config if needed I just want to know if it is possible before spending to much more time testing the configuration.
0
Comment
Question by:PM_IT
  • 3
4 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39930377
On the ASA:

debug crypto isakmp 25
debug crypto ipsec 25
term mon

Then try it and show the detail (using X.X. for the first two octets of the public IPs).
0
 
LVL 1

Author Comment

by:PM_IT
ID: 39935003
I have confirmed the PSK is accurate.

Group = DefaultRAGroup, IP = 70.193.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
Mar 17 14:10:48 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:49 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:50 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Mar 17 14:10:52 [IKEv1]: Group = DefaultL2LGroup, IP = 70.193.x.x, P1 Retransmit msg dispatched to MM FSM
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE MM Responder FSM error history (struct &0xad29da60)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG-->MM_WAIT_MSG5, EV_RESEND_MSG
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, IKE SA MM:3eff6c0b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, sending delete/delete with reason message
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing blank hash payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing IKE delete payload
Mar 17 14:10:52 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = 70.193.x.x, constructing qm hash payload
Mar 17 14:10:52 [IKEv1]: IP = 70.193.x.x, IKE_DECODE SENDING Message (msgid=8881b24b) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:10:56 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
Mar 17 14:11:04 [IKEv1]: IP = 70.193.x.x, Received encrypted packet with no matching SA, dropping
0
 
LVL 1

Accepted Solution

by:
PM_IT earned 0 total points
ID: 39942296
We have a SonicWALL which I was able to configure for VPN access.
0
 
LVL 1

Author Closing Comment

by:PM_IT
ID: 39952708
No points awarded since I found a work around.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question