Cisco Support Community
New Member

IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mobile Internet connection bands (3G, E or H)

We have an ASA5520 configured with an IPSec VPN. From any ADSL home/office connection our VPN clients can connect without any problem, but when we use our cellular phones in tethering mode (as an access point) our VPN clients are unable to connect. Same machines, same software, same operating system, same remote IP (ASA5520 external IP); only the Wi-Fi connection changes (ADSL to cellular phone). The signal of the cellular phones is not the problem: we did the tests with different phones (iPhone & Android), different locations (all in Spain) and different mobile internet providers (Vodafone, Orange and Movistar).

We think that perhaps the problem is the licenses that our ASA5520 has... Is our problem that our ASA does not have a license for this?

Our ASA5520 comes with these licenses:

------------------------------------------------------------------------------------------
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.
-------------------------------------------------------------------------------------

Sorry for my English.

Thanks for your response!

Best Regards!

8 REPLIES
New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

hi there

Are you using certs?

cheers

Claudio

Sent from Cisco Technical Support iPad App

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

No, we are not using certificates, we are using preshared keys.

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

I have the same setup and it works.

iPhone as access point (no VPN), then a PC using a Wi-Fi connection to the iPhone, and the PC establishes an IPsec connection to the ASA.

Sent from Cisco Technical Support iPad App

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

What licenses does your ASA have?

Does it have the "AnyConnect Essentials" feature enabled?

Could you paste the license features that your ASA has enabled?

Thanks for your response!

Best Regards!!

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

Yes, it's with the AnyConnect Essentials license.

If this license was missing, you should see a license failure in the FW's log.

Sent from Cisco Technical Support iPad App

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

The Essentials license is only used for SSL VPN; IPsec with the IPsec client is free of charge.

Sent from Cisco Technical Support iPad App

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

Exactly, I think that IPSec is free up to 750 simultaneous connections. I will try to upgrade the Android versions of my cellular phones and I will run the tests again. Perhaps it is an Android issue; tomorrow I will try the iPhone too.

I also have a Debian (Linux) box with strongSwan installed, and it runs perfectly with this current version of Android, but perhaps the ASA5520 needs an upgrade of the Android IPSec implementation...

Thanks for your help! It is very useful!

Best Regards!

New Member

Re: IPSec VPN on ASA5520 with ADSL peers ok, but not ok with Mob

Issue solved! Thanks c.spescha for your help! The problem was an old "IPSec passthrough" implementation in our old Android phones; in the latest versions of CyanogenMod the VPN is working without problems. The iPhone works well too.

Thanks!

Best Regards!
