Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ipad VPN to Cisco ASA 5520

Hi,

I'm trying to get my ipad to VPN to our Cisco ASA5520.

I believe I have all of the settings correct on both ends (I am able to vpn to the asa using a cisco 871 as the remote client).

I suspect that for some reason the vpn client on the ipad isn't even getting to the asa. My question is: How can I monitor the ASA logs to see if the connection is even being attempted and possibly find the failure?

Thanks

M

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ipad VPN to Cisco ASA 5520

try :-

debug crypto isakmp

debug crypto ipsec

sh vpn-sessiondb remote  ( to see if client is connected )

I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.

hope it helps

Manish

3 REPLIES

Re: ipad VPN to Cisco ASA 5520

try :-

debug crypto isakmp

debug crypto ipsec

sh vpn-sessiondb remote  ( to see if client is connected )

I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.

hope it helps

Manish

New Member

Re: ipad VPN to Cisco ASA 5520

What does your dynamic crypto map use for it's transform set?  I ran into a similar issue where ipsec clients hw/sw could connect, but not IPad.  I had to configure the dynamic map to also use 3des/md5 to make it work.

But as last person mentioned, debug for crypto isakmp and ipsec to make sure the device can reach the ASA.

New Member

Re: ipad VPN to Cisco ASA 5520

Hi,

Finally got it to work. Thanks for the tip on how to watch debug stuf for ipsec.

I saw that the problem was no address pool was assigned to the tunnel group.

This leads to a new question but I'll post another thread.

Tanks again!

M

2948
Views
5
Helpful
3
Replies