×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Android 4.3 VPN to ASA running 8.4.4(1)

Unanswered Question
Jan 14th, 2014
User Badges:

                   Ok guys need some help.  Took me a little time to get it to pass phase 2 but it still won't connect. 


This is the output of the debug just after completing phase 2


Jan 14 17:30:26 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, Starting P2 rekey timer: 24480 seconds.
Jan 14 17:30:26 [IKEv1]Group = VPN_L2TP, IP = 108.38.203.107, PHASE 2 COMPLETED (msgid=af981d0d)
Jan 14 17:30:26 [IKEv1]IKEQM_Active() Add L2TP classification rules: ip <108.38.203.107> mask <0xFFFFFFFF> port <4500>
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, IKE SA AM:0c773824 rcv'd Terminate: state AM_ACTIVE  flags 0x00000041, refcnt 1, tuncnt 1
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, sending delete/delete with reason message
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing blank hash payload
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing IPSec delete payload
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing qm hash payload
Jan 14 17:30:28 [IKEv1]IP = 108.38.203.107, IKE_DECODE SENDING Message (msgid=ed44a762) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, Active unit receives a delete event for remote peer 108.38.203.107.

Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, IKE Deleting SA: Remote Proxy 108.38.203.107, Local Proxy 23.25.183.161
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, IKE SA AM:0c773824 terminating:  flags 0x01000001, refcnt 0, tuncnt 0
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, sending delete/delete with reason message
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing blank hash payload
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing IKE delete payload
Jan 14 17:30:28 [IKEv1 DEBUG]Group = VPN_L2TP, IP = 108.38.203.107, constructing qm hash payload
Jan 14 17:30:28 [IKEv1]IP = 108.38.203.107, IKE_DECODE SENDING Message (msgid=ddeff6f) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Jan 14 17:30:28 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x42fc488c
Jan 14 17:30:28 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x42fc488c
Jan 14 17:30:28 [IKEv1]Group = VPN_L2TP, IP = 108.38.203.107, Session is being torn down. Reason: L2TP initiated
Jan 14 17:30:28 [IKEv1]Ignoring msg to mark SA with dsID 65536 dead because SA deleted


This is the running config


crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA mode transport
crypto dynamic-map dyn1 1 set ikev1 transform-set ESP-AES-256-SHA ESP-3DES-SHA
crypto dynamic-map dyn1 1 set reverse-route

crypto map outside_map 100 ipsec-isakmp dynamic dyn1
crypto map outside_map interface outside


crypto ikev1 enable outside

crypto ikev1 policy 10

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400


tunnel-group VPN_L2TP type remote-access

tunnel-group VPN_L2TP general-attributes

address-pool VPN-Pool

default-group-policy l2tp-ipsec_policy

tunnel-group VPN_L2TP ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group VPN_L2TP ppp-attributes

authentication ms-chap-v2



group-policy l2tp-ipsec_policy internal

group-policy l2tp-ipsec_policy attributes

dns-server value 172.16.10.10 172.16.10.9

vpn-tunnel-protocol l2tp-ipsec

default-domain value crwdb.int

address-pools value VPN-Pool


The Android device is configured to land on the VPN_L2TP Tunnel Group.


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion