Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16347
Views
7
Helpful
14
Replies

Anyconnect vpn for Android phones

Go to solution
collinks2
Level 5
Level 5

‎01-21-2017 12:52 PM - edited ‎02-21-2020 09:07 PM

Hello,

I am having issues with any connect vpn for Android phones. I have downloaded the any connect vpn mobility client from the Google store. Each time I try to connect, I will get an error 'cannot communicate with the server'.

However the Cisco mobility VPN client for Windows can connect which that installation on the router was done successfully. Do I need to install a different any connect vpn pancake for Android phones

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-27-2017 10:34 AM

Ok I see your issue (at least one of potential issues).

Could you run the command show ssl and paste the output?

When you're trying to access your https link, we get the message:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you're using IE, you won't see it as IE isn't showing CIPHER Mismatch.

If you don't have in your list the following:

aes128-sha1 aes256-sha1 3des-sha1

Can you add them with command:

ssh encryption aes128-sha1 aes256-sha1 3des-sha1

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

14 Replies 14

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-21-2017 01:45 PM

Hi

How the VPN is connected? (User/Password, Certificates,...)

If it's working with Windows, let's assume that everything is fine.

How you're trying to connect? Using DNS or IP?

If you're using DNS, could you try with IP?

Could you share logs of Anyconnect Android client? (here is the link how to export logs: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/user/xmart/b_Android_User_Guide/b_Android_User_Guide_chapter_0101.html)

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-21-2017 10:10 PM

Hello Support lan,

Thank you for your response. The vpn is connected through username/password  using Cisco any connect vpn mobility client. Only  the Internet Explorer can display the vpn Web page. Other Web browsers can't due to certificate issue. Am using self signed certificate

Am using ip address to connect. I will check the logs.

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to collinks2

‎01-22-2017 03:03 AM

Hi,

The error you are getting is due to the fact that your WebVPN IP address isn't reachable from your Andriod device.

How is your Andriod connecting to ASA or IOS AnyConnect Server? Also, since you are using self-signed certificate, did you enable the option to allow users to continue with untrusted certificates. If not then this could be the reason for Andriod phone not connecting.

Go to solution
collinks2
Level 5
Level 5
In response to Mohammed al Baqari

‎01-22-2017 04:42 AM

Hello Mohammed,

Thank you for your response. Am using Cisco ios as the gateway vpn. I disabled the option of blocking untrusted servers in Android phone. Do I need to do the same in the Cisco ios? How do I do that?

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-22-2017 07:26 AM

Hi

I'm sorry, I don't see any log file.

On IOS config, you don't have any config to allow untrusted servers.

Could you send me the log file please on PM or attached it again on the post?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-22-2017 07:40 AM

yes on ios config,i do not have any config to allow untrusted servers.see attachment

Preview file
283 KB
Preview file
68 KB
Preview file
8 KB
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-22-2017 08:40 AM

Does it works from Apple IOS devices?

The config seems to be ok but on Android I see a message "unable to find certificate for given ID" that sound strange. to be honest, I'm not very familiar with Android devices.

Could you run a debug webvpn on your router to see what happens when this mobile client is trying to connect.

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-25-2017 10:08 AM

I have tried to run the the debug webvpn but I see nothing. Let's resolve the issue with certificate error. U can open ur browser and type https://165.90.243.10

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-25-2017 02:59 PM

I'm not able to access your webpage.

Let me know when your link will back up.

Can you create me a account to connect with my mobile and see what happens? If Yes, PM me credentials.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-25-2017 04:20 PM

OK. It will be up by 8am Nigeria time. Send me  your email for the credentials

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-27-2017 10:34 AM

Ok I see your issue (at least one of potential issues).

Could you run the command show ssl and paste the output?

When you're trying to access your https link, we get the message:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you're using IE, you won't see it as IE isn't showing CIPHER Mismatch.

If you don't have in your list the following:

aes128-sha1 aes256-sha1 3des-sha1

Can you add them with command:

ssh encryption aes128-sha1 aes256-sha1 3des-sha1

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-27-2017 10:41 AM

That's the error message I get. I added only ssl encryption rcd-md5.will add that and update.

Thanks

0 Helpful

Go to solution
collinks2
Level 5
Level 5
In response to Francesco Molino

‎01-27-2017 11:12 AM

Hi,

Its working . My phone can connect. This forum is good.Thanks to all those who contributed. The only issue now is the untrusted signed certificate

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to collinks2

‎01-27-2017 11:26 AM

I'm happy that it works. You're very welcome.

Please don't forget to rate and mark as correct answer if that answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents