Cisco Support Community

New Member

L2TP/IPSEC VPN - Android to Cisco Router

I am having issues getting an Android device to connect using the native L2TP/IPSEC VPN client.

With an iOS device, it connects fine. I have followed all of the online config guidance I can find but nothing seems to help on the Android side.

Here is my config:

vpdn enable
vpdn-group l2tpvpn
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 lcp renegotiation always
 l2tp tunnel hello 15
 no l2tp tunnel authentication
 l2tp tunnel receive-window 1024
 l2tp ip udp checksum
 ip pmtu
 ip mtu adjust
username dan privilege 15 password dan
crypto isakmp policy 1
 encr 3des
 group 2
 authentication pre-share
 lifetime 3600
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp fragmentation
!
!
crypto ipsec transform-set L2TP-TS esp-3des esp-sha-hmac
 mode transport require
crypto ipsec transform-set L2TP-TS1 esp-aes esp-sha-hmac
 mode transport require
crypto ipsec transform-set L2TP-TS2 ah-sha-hmac esp-3des
 mode transport
crypto ipsec transform-set L2TP-TS3 ah-md5-hmac esp-3des
 mode transport
crypto ipsec transform-set L2TP-TS4 ah-md5-hmac esp-aes
 mode transport
crypto ipsec transform-set L2TP-TS5 ah-sha-hmac esp-aes
 mode transport
!
crypto dynamic-map dynvpn 1
 set nat demux
 set security-association lifetime seconds 28800
 set transform-set L2TP-TS1
crypto map clientmap 30 ipsec-isakmp dynamic dynvpn
interface FastEthernet0/0
 description Internet Connection
 ip address <INTERNET>
 duplex auto
 speed auto
 crypto map clientmap
interface FastEthernet0/0/3
!
interface Virtual-Template1
 ip unnumbered Vlan8
 ip mtu 1398
 peer default ip address pool VPN
 keepalive 5
 ppp mtu adaptive
 ppp authentication pap ms-chap ms-chap-v2 chap
ip local pool VPN 10.1.8.201 10.1.8.221
ip route 0.0.0.0 0.0.0.0 <INTERNET>

Add some debug (crypto isakmp and crypto ipsec):

local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:33:06.425: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-md5-hmac }

*Jan 29 01:33:06.425: ISAKMP:(1243): IPSec policy invalidated proposal with error 256

*Jan 29 01:33:06.425: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:33:06.425: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

*Jan 29 01:33:06.425: ISAKMP:(1243): processing NONCE payload. message ID = -2100912043

*Jan 29 01:33:06.425: ISAKMP:(1243): processing ID payload. message ID = -2100912043

*Jan 29 01:33:06.425: ISAKMP:(1243): processing ID payload. message ID = -2100912043

*Jan 29 01:33:06.429: ISAKMP:(1243):QM Responder gets spi

*Jan 29 01:33:06.429: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:33:06.429: ISAKMP:(1243):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 01:33:06.429: ISAKMP:(1243): Creating IPSec SAs

*Jan 29 01:33:06.429:         inbound SA from <ANDROID> to <INTERNET> (f/i)  0/ 0

        (proxy <ANDROID> to <INTERNET>)

*Jan 29 01:33:06.429:         has spi 0x9A969C5 and conn_id 0

*Jan 29 01:33:06.429:         lifetime of 28800 seconds

*Jan 29 01:33:06.429:         outbound SA from <INTERNET> to <ANDROID> (f/i) 0/0

        (proxy <INTERNET> to <ANDROID>)

*Jan 29 01:33:06.429:         has spi  0xB59BEB and conn_id 0

*Jan 29 01:33:06.429:         lifetime of 28800 seconds

*Jan 29 01:33:06.429: ISAKMP:(1243): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:33:06.429: ISAKMP:(1243):Sending an IKE IPv4 Packet.

*Jan 29 01:33:06.429: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 01:33:06.433: ISAKMP:(1243):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 01:33:06.433: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:33:06.433: IPSEC(policy_db_add_ident): src <INTERNET>, dest <ANDROID>, dest_port 4500

*Jan 29 01:33:06.433: IPSEC(create_sa): sa created,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x9A969C5(162097605),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2053

*Jan 29 01:33:06.433: IPSEC(create_sa): sa created,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xB59BEB(11901931),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2054

*Jan 29 01:33:06.601: ISAKMP (0:1243): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:33:06.601: ISAKMP:(1243):deleting node -2100912043 error FALSE reason "QM done (await)"

*Jan 29 01:33:06.601: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:33:06.601: ISAKMP:(1243):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 01:33:06.601: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:33:06.601: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 01:33:06.601: IPSEC(key_engine_enable_outbound): enable SA with spi 11901931/50

*Jan 29 01:33:06.601: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI B59BEB

*Jan 29 01:33:08.245: %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

*Jan 29 01:33:15.921: ISAKMP:(1241):purging SA., sa=63FDEA00, delme=63FDEA00

*Jan 29 01:33:56.405: ISAKMP:(1243):purging node -120856731

*Jan 29 01:33:56.417: ISAKMP:(1242):purging node -1787951035

*Jan 29 01:33:56.417: ISAKMP:(1242):purging node -1229870867

*Jan 29 01:33:56.601: ISAKMP:(1243):purging node -2100912043

*Jan 29 01:34:06.417: ISAKMP:(1242):purging SA., sa=653E1810, delme=653E1810

eRecharge-VPN-RTR1#

eRecharge-VPN-RTR1#

*Jan 29 01:35:29.625: ISAKMP (0:0): received packet from <ANDROID> dport 500 sport 500 Global (N) NEW SA

*Jan 29 01:35:29.625: ISAKMP: Created a peer struct for <ANDROID>, peer port 500

*Jan 29 01:35:29.625: ISAKMP: New peer created peer = 0x653EE3F0 peer_handle = 0x80000A91

*Jan 29 01:35:29.625: ISAKMP: Locking peer struct 0x653EE3F0, refcount 1 for crypto_isakmp_process_block

*Jan 29 01:35:29.629: ISAKMP: local port 500, remote port 500

*Jan 29 01:35:29.629: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 640A5FD8

*Jan 29 01:35:29.629: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:29.629: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1

*Jan 29 01:35:29.629: ISAKMP:(0): processing SA payload. message ID = 0

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 01:35:29.629: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 01:35:29.629: ISAKMP:(0): MM Fragmentation supported

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is DPD

*Jan 29 01:35:29.629: ISAKMP:(0):found peer pre-shared key matching <ANDROID>

*Jan 29 01:35:29.633: ISAKMP:(0): local preshared key found

*Jan 29 01:35:29.633: ISAKMP : Scanning profiles for xauth ...

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 256

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 256

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash MD5

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 128

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 128

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash MD5

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption 3DES-CBC

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):atts are acceptable. Next payload is 3

*Jan 29 01:35:29.637: ISAKMP:(0):Acceptable atts:actual life: 3600

*Jan 29 01:35:29.637: ISAKMP:(0):Acceptable atts:life: 0

*Jan 29 01:35:29.637: ISAKMP:(0):Basic life_in_seconds:28800

*Jan 29 01:35:29.637: ISAKMP:(0):Returning Actual lifetime: 3600

*Jan 29 01:35:29.637: ISAKMP:(0)::Started lifetime timer: 3600.

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 01:35:29.637: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 01:35:29.637: ISAKMP:(0): MM Fragmentation supported

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is DPD

*Jan 29 01:35:29.637: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:29.637: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1

*Jan 29 01:35:29.641: ISAKMP:(0):sending IKE_FRAG vendor ID

*Jan 29 01:35:29.641: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

*Jan 29 01:35:29.641: ISAKMP:(0): sending packet to <ANDROID> my_port 500 peer_port 500 (R) MM_SA_SETUP

*Jan 29 01:35:29.641: ISAKMP:(0):Sending an IKE IPv4 Packet.

*Jan 29 01:35:29.641: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:29.641: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2

*Jan 29 01:35:29.869: ISAKMP (0:0): received packet from <ANDROID> dport 500 sport 500 Global (R) MM_SA_SETUP

*Jan 29 01:35:29.869: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:29.869: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3

*Jan 29 01:35:29.869: ISAKMP:(0): processing KE payload. message ID = 0

*Jan 29 01:35:29.953: ISAKMP:(0): processing NONCE payload. message ID = 0

*Jan 29 01:35:29.953: ISAKMP:(0):found peer pre-shared key matching <ANDROID>

*Jan 29 01:35:29.953: ISAKMP:received payload type 20

*Jan 29 01:35:29.953: ISAKMP:received payload type 20

*Jan 29 01:35:29.953: ISAKMP (0:1244): NAT found, the node outside NAT

*Jan 29 01:35:29.957: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:29.957: ISAKMP:(1244):Old State = IKE_R_MM3  New State = IKE_R_MM3

*Jan 29 01:35:29.957: ISAKMP:(1244): sending packet to <ANDROID> my_port 500 peer_port 500 (R) MM_KEY_EXCH

*Jan 29 01:35:29.957: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:29.957: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:29.957: ISAKMP:(1244):Old State = IKE_R_MM3  New State = IKE_R_MM4

*Jan 29 01:35:30.249: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) MM_KEY_EXCH

*Jan 29 01:35:30.249: ISAKMP:(1244):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:30.249: ISAKMP:(1244):Old State = IKE_R_MM4  New State = IKE_R_MM5

*Jan 29 01:35:30.253: ISAKMP:(1244): processing ID payload. message ID = 0

*Jan 29 01:35:30.253: ISAKMP (0:1244): ID payload

        next-payload : 8

        type         : 1

        address      : 192.170.100.113

        protocol     : 17

        port         : 500

        length       : 12

*Jan 29 01:35:30.253: ISAKMP:(0):: peer matches *none* of the profiles

*Jan 29 01:35:30.253: ISAKMP:(1244): processing HASH payload. message ID = 0

*Jan 29 01:35:30.253: ISAKMP:(1244):SA authentication status:

        authenticated

*Jan 29 01:35:30.253: ISAKMP:(1244):SA has been authenticated with <ANDROID>

*Jan 29 01:35:30.253: ISAKMP:(1244):Detected port floating to port = 4500

*Jan 29 01:35:30.253: ISAKMP: Trying to insert a peer <INTERNET>/<ANDROID>/4500/,  and found existing one 64B90268 to reuse, free 653EE3F0

*Jan 29 01:35:30.253: ISAKMP: Unlocking peer struct 0x653EE3F0 Reuse existing peer, count 0

*Jan 29 01:35:30.253: ISAKMP: Deleting peer node by peer_reap for <ANDROID>: 653EE3F0

*Jan 29 01:35:30.253: ISAKMP: Locking peer struct 0x64B90268, refcount 2 for Reuse existing peer

*Jan 29 01:35:30.253: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:30.253: ISAKMP:(1244):Old State = IKE_R_MM5  New State = IKE_R_MM5

*Jan 29 01:35:30.253: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.257: ISAKMP:(1244):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Jan 29 01:35:30.257: ISAKMP (0:1244): ID payload

        next-payload : 8

        type         : 1

        address      : <INTERNET>

        protocol     : 17

        port         : 0

        length       : 12

*Jan 29 01:35:30.257: ISAKMP:(1244):Total payload length: 12

*Jan 29 01:35:30.257: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.257: ISAKMP:(1244):Returning Actual lifetime: 3600

*Jan 29 01:35:30.257: ISAKMP: set new node 1108379192 to QM_IDLE

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending NOTIFY RESPONDER_LIFETIME protocol 1

        spi 1688401496, message ID = 1108379192

*Jan 29 01:35:30.257: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.257: ISAKMP:(1244):purging node 1108379192

*Jan 29 01:35:30.257: ISAKMP: Sending phase 1 responder lifetime 3600

*Jan 29 01:35:30.257: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.493: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.493: ISAKMP: set new node -182504280 to QM_IDLE

*Jan 29 01:35:30.493: ISAKMP:(1244): processing HASH payload. message ID = -182504280

*Jan 29 01:35:30.493: ISAKMP:(1244): processing NOTIFY INITIAL_CONTACT protocol 1

        spi 0, message ID = -182504280, sa = 640A5FD8

*Jan 29 01:35:30.493: ISAKMP:(1244):SA authentication status:

        authenticated

*Jan 29 01:35:30.493: ISAKMP:(1244): Process initial contact,

bring down existing phase 1 and 2 SA's with local <INTERNET> remote <ANDROID> remote port 4500

*Jan 29 01:35:30.493: ISAKMP:(1243):received initial contact, deleting SA

*Jan 29 01:35:30.497: ISAKMP:(1243):peer does not do paranoid keepalives.

*Jan 29 01:35:30.497: ISAKMP:(1243):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer <ANDROID>)

*Jan 29 01:35:30.497: ISAKMP:(1244):deleting node -182504280 error FALSE reason "Informational (in) state 1"

*Jan 29 01:35:30.497: ISAKMP:(1244):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

*Jan 29 01:35:30.497: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.497: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.497: Delete IPsec SA by IC, local <INTERNET> remote <ANDROID> peer port 4500

*Jan 29 01:35:30.497: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x9A969C5(162097605),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2053,

  (identity) local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/4500 (type=1)

*Jan 29 01:35:30.497: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI 0

*Jan 29 01:35:30.497: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xB59BEB(11901931),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2054,

  (identity) local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/4500 (type=1)

*Jan 29 01:35:30.501: ISAKMP: set new node -1196491908 to QM_IDLE

*Jan 29 01:35:30.501: ISAKMP:(1243):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Jan 29 01:35:30.501: ISAKMP:(1243):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Jan 29 01:35:30.501: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.501: ISAKMP: set new node -849535221 to QM_IDLE

*Jan 29 01:35:30.501: ISAKMP:(1244): processing HASH payload. message ID = -849535221

*Jan 29 01:35:30.505: ISAKMP:(1244): processing SA payload. message ID = -849535221

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 1, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 256

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 2, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 256

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 3, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 128

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 4, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 128

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 5, ESP_3DES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 6, ESP_3DES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.509: ISAKMP: transform 7, ESP_DES

*Jan 29 01:35:30.509: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.509: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.509: ISAKMP: transform 8, ESP_DES

*Jan 29 01:35:30.509: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.509: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-sha-hmac }

*Jan 29 01:35:30.509: ISAKMP:(1244): IPSec policy invalidated proposal with error 256

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-md5-hmac }

*Jan 29 01:35:30.509: ISAKMP:(1244): IPSec policy invalidated proposal with error 256

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

*Jan 29 01:35:30.513: ISAKMP:(1244): processing NONCE payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244): processing ID payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244): processing ID payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244):QM Responder gets spi

*Jan 29 01:35:30.513: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:35:30.513: ISAKMP:(1244):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 01:35:30.513: ISAKMP:(1244): Creating IPSec SAs

*Jan 29 01:35:30.513:         inbound SA from <ANDROID> to <INTERNET> (f/i)  0/ 0

        (proxy <ANDROID> to <INTERNET>)

*Jan 29 01:35:30.513:         has spi 0x4878E485 and conn_id 0

*Jan 29 01:35:30.513:         lifetime of 28800 seconds

*Jan 29 01:35:30.513:         outbound SA from <INTERNET> to <ANDROID> (f/i) 0/0

        (proxy <INTERNET> to <ANDROID>)

*Jan 29 01:35:30.513:         has spi  0xEB65E76 and conn_id 0

*Jan 29 01:35:30.513:         lifetime of 28800 seconds

*Jan 29 01:35:30.517: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.517: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 01:35:30.517: ISAKMP:(1244):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 01:35:30.517: ISAKMP: set new node -34372654 to QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.517: ISAKMP:(1244):purging node -34372654

*Jan 29 01:35:30.517: ISAKMP:(1244):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Jan 29 01:35:30.517: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.517: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.521: IPSEC(policy_db_add_ident): src <INTERNET>, dest <ANDROID>, dest_port 4500

*Jan 29 01:35:30.521: IPSEC(create_sa): sa created,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x4878E485(1215882373),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2055

*Jan 29 01:35:30.521: IPSEC(create_sa): sa created,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xEB65E76(246832758),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2056

*Jan 29 01:35:30.521: ISAKMP:(1243):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer <ANDROID>)

*Jan 29 01:35:30.521: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.

*Jan 29 01:35:30.521: ISAKMP: Unlocking peer struct 0x64B90268 for isadb_mark_sa_deleted(), count 1

*Jan 29 01:35:30.521: ISAKMP:(1243):deleting node -1196491908 error FALSE reason "IKE deleted"

*Jan 29 01:35:30.521: ISAKMP:(1243):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:30.521: ISAKMP:(1243):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Jan 29 01:35:30.693: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.693: ISAKMP:(1244):deleting node -849535221 error FALSE reason "QM done (await)"

*Jan 29 01:35:30.693: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:35:30.693: ISAKMP:(1244):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 01:35:30.693: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.693: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 01:35:30.693: IPSEC(key_engine_enable_outbound): enable SA with spi 246832758/50

*Jan 29 01:35:30.693: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI EB65E76

*Jan 29 01:35:32.493: %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

5 REPLIES
Cisco Employee

Two things:

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:33:06.425: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-md5-hmac }

That does not look like a transform set you configured as the one to be used.

Second

 %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

Does not appear to be healthy. Try a new version, see if this message keeps popping up, open a TAC case.
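
Added example (not written by any poster in this thread, and not Cisco code): Python that reads debug output in the format quoted above and lists, for each IKE Phase 1 transform and each IPsec Phase 2 proposal the client offered, the router's verdict and the fields in which a rejected proposal differs from the transform set bound to the dynamic map. The embedded log is a constructed excerpt in the thread's format, the function names are hypothetical, and the code assumes `esp-aes` with no size token means a 128-bit key, which matches the `keysize= 128` SA the router installed.

```python
import re

# Constructed excerpt in the format of the debug output quoted in this thread.
SAMPLE_LOG = """\
*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC
*Jan 29 01:35:29.633: ISAKMP:      keylength of 256
*Jan 29 01:35:29.633: ISAKMP:      hash SHA
*Jan 29 01:35:29.633: ISAKMP:      default group 2
*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
*Jan 29 01:35:29.633: ISAKMP:      encryption 3DES-CBC
*Jan 29 01:35:29.633: ISAKMP:      hash SHA
*Jan 29 01:35:29.633: ISAKMP:      default group 2
*Jan 29 01:35:29.633: ISAKMP:(0):atts are acceptable. Next payload is 3
*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
    {esp-aes 256 esp-sha-hmac }
*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
    {esp-aes 256 esp-md5-hmac }
*Jan 29 01:35:30.521: IPSEC(create_sa): sa created,
  (sa) sa_dest= <INTERNET>, sa_proto= 50,
    sa_spi= 0x4878E485(1215882373),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2055
"""

# L2TP-TS1, the set referenced by "crypto dynamic-map dynvpn 1" in the posted config.
CONFIGURED = "esp-aes esp-sha-hmac"

TS = re.compile(r"^\*\w{3}\s+\d+\s+[\d:.]+:\s*")  # "*Jan 29 01:35:29.633: "
# Default key size when no size token follows the cipher (assumption: esp-aes = 128).
CIPHERS = {"esp-aes": 128, "esp-3des": None, "esp-des": None}


def phase1_offers(log):
    """Return one dict per ISAKMP (Phase 1) transform the peer offered."""
    offers, cur = [], None
    for raw in log.splitlines():
        msg = TS.sub("", raw.strip())
        m = re.search(r"Checking ISAKMP transform (\d+) against priority (\d+) policy", msg)
        if m:
            cur = {"transform": int(m[1]), "policy": int(m[2]), "encryption": None,
                   "keylength": None, "hash": None, "group": None,
                   "accepted": None, "reason": None}
            offers.append(cur)
            continue
        if cur is None:          # attribute lines outside a Phase 1 check are ignored
            continue
        if m := re.search(r"ISAKMP:\s+encryption (\S+)", msg):
            cur["encryption"] = m[1]
        elif m := re.search(r"ISAKMP:\s+keylength of (\d+)", msg):
            cur["keylength"] = int(m[1])
        elif m := re.search(r"ISAKMP:\s+hash (\S+)", msg):
            cur["hash"] = m[1]
        elif m := re.search(r"ISAKMP:\s+default group (\d+)", msg):
            cur["group"] = int(m[1])
        elif m := re.search(r"ISAKMP:\(\d+\):\s*(.+?) does not match policy!", msg):
            cur["reason"] = m[1]
        elif m := re.search(r"atts are (not )?acceptable", msg):
            cur["accepted"] = m[1] is None
            cur = None           # verdict closes this transform
    return offers


def phase2_outcome(log):
    """Return (rejected proposals, installed SA transforms) for Phase 2."""
    rejected = re.findall(
        r"transform proposal not supported for identity:\s*\{\s*([^}]*?)\s*\}", log)
    installed = []
    for t in re.findall(r"sa_trans=\s*([^,]+?)\s*,", log):
        if t not in installed:   # inbound and outbound SAs repeat the same transform
            installed.append(t)
    return rejected, installed


def parse_transform(text):
    """Split 'esp-aes 256 esp-sha-hmac' into cipher, key size and integrity."""
    cipher = keysize = integrity = None
    tokens = text.split()
    for i, tok in enumerate(tokens):
        if tok in CIPHERS:
            cipher, keysize = tok, CIPHERS[tok]
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():
                keysize = int(tokens[i + 1])
        elif tok.startswith("esp-") and tok.endswith("-hmac"):
            integrity = tok
    return {"cipher": cipher, "keysize": keysize, "integrity": integrity}


def mismatches(offered, configured):
    """Name the fields in which an offered ESP transform differs from the configured one."""
    a, b = parse_transform(offered), parse_transform(configured)
    return [k for k in ("cipher", "keysize", "integrity") if a[k] != b[k]]


def report(log, configured):
    out = []
    for o in phase1_offers(log):
        size = f"-{o['keylength']}" if o["keylength"] else ""
        if o["accepted"] is None:        # log cut off before the verdict line
            verdict = "no verdict in log"
        else:
            verdict = "accepted" if o["accepted"] else f"rejected ({o['reason']})"
        out.append(f"P1 transform {o['transform']}: {o['encryption']}{size} "
                   f"{o['hash']} group {o['group']} -> {verdict}")
    rejected, installed = phase2_outcome(log)
    for t in rejected:
        out.append(f"P2 rejected  {{{t}}}: differs from '{configured}' in "
                   + ", ".join(mismatches(t, configured)))
    for t in installed:
        out.append(f"P2 installed {{{t}}}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, CONFIGURED)))
```

Blank lines between log entries, as in the paste above, do not affect the parsing.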

New Member

Thanks. I fixed that transform set issue but still no luck. The proposals are chosen now:

*Jan 29 15:43:45.982: ISAKMP (0:0): received packet from dport 500 sport 500 Global (N) NEW SA

*Jan 29 15:43:45.982: ISAKMP: Created a peer struct for , peer port 500

*Jan 29 15:43:45.982: ISAKMP: New peer created peer = 0x63FCE984 peer_handle = 0x80000B6C

*Jan 29 15:43:45.986: ISAKMP: Locking peer struct 0x63FCE984, refcount 1 for crypto_isakmp_process_block

*Jan 29 15:43:45.986: ISAKMP: local port 500, remote port 500

*Jan 29 15:43:45.986: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6409866C

*Jan 29 15:43:45.986: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:45.986: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1

*Jan 29 15:43:45.986: ISAKMP:(0): processing SA payload. message ID = 0

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 15:43:45.986: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 15:43:45.986: ISAKMP:(0): MM Fragmentation supported

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is DPD

*Jan 29 15:43:45.990: ISAKMP:(0):found peer pre-shared key matching

*Jan 29 15:43:45.990: ISAKMP:(0): local preshared key found

*Jan 29 15:43:45.990: ISAKMP : Scanning profiles for xauth ...

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 256

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 256

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash MD5

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 128

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 128

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash MD5

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption 3DES-CBC

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.994: ISAKMP:      default group 2

*Jan 29 15:43:45.994: ISAKMP:(0):atts are acceptable. Next payload is 3

*Jan 29 15:43:45.994: ISAKMP:(0):Acceptable atts:actual life: 3600

*Jan 29 15:43:45.994: ISAKMP:(0):Acceptable atts:life: 0

*Jan 29 15:43:45.994: ISAKMP:(0):Basic life_in_seconds:28800

*Jan 29 15:43:45.994: ISAKMP:(0):Returning Actual lifetime: 3600

*Jan 29 15:43:45.994: ISAKMP:(0)::Started lifetime timer: 3600.

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 15:43:45.994: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 15:43:45.994: ISAKMP:(0): MM Fragmentation supported

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is DPD

*Jan 29 15:43:45.994: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:45.994: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1

*Jan 29 15:43:45.998: ISAKMP:(0):sending IKE_FRAG vendor ID

*Jan 29 15:43:45.998: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

*Jan 29 15:43:45.998: ISAKMP:(0): sending packet to my_port 500 peer_port 500 (R) MM_SA_SETUP

*Jan 29 15:43:45.998: ISAKMP:(0):Sending an IKE IPv4 Packet.

*Jan 29 15:43:45.998: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:45.998: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2

*Jan 29 15:43:46.194: ISAKMP (0:0): received packet from dport 500 sport 500 Global (R) MM_SA_SETUP

*Jan 29 15:43:46.194: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.194: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3

*Jan 29 15:43:46.194: ISAKMP:(0): processing KE payload. message ID = 0

*Jan 29 15:43:46.262: ISAKMP:(0): processing NONCE payload. message ID = 0

*Jan 29 15:43:46.262: ISAKMP:(0):found peer pre-shared key matching

*Jan 29 15:43:46.262: ISAKMP:received payload type 20

*Jan 29 15:43:46.262: ISAKMP:received payload type 20

*Jan 29 15:43:46.266: ISAKMP (0:1299): NAT found, the node outside NAT

*Jan 29 15:43:46.266: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:46.266: ISAKMP:(1299):Old State = IKE_R_MM3  New State = IKE_R_MM3

*Jan 29 15:43:46.266: ISAKMP:(1299): sending packet to my_port 500 peer_port 500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.266: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.266: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:46.266: ISAKMP:(1299):Old State = IKE_R_MM3  New State = IKE_R_MM4

*Jan 29 15:43:46.450: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) MM_KEY_EXCH

*Jan 29 15:43:46.454: ISAKMP:(1299):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.454: ISAKMP:(1299):Old State = IKE_R_MM4  New State = IKE_R_MM5

*Jan 29 15:43:46.454: ISAKMP:(1299): processing ID payload. message ID = 0

*Jan 29 15:43:46.454: ISAKMP (0:1299): ID payload

        next-payload : 8

        type         : 1

        address      : 192.170.100.113

        protocol     : 17

        port         : 500

        length       : 12

*Jan 29 15:43:46.454: ISAKMP:(0):: peer matches *none* of the profiles

*Jan 29 15:43:46.454: ISAKMP:(1299): processing HASH payload. message ID = 0

*Jan 29 15:43:46.454: ISAKMP:(1299):SA authentication status:

        authenticated

*Jan 29 15:43:46.454: ISAKMP:(1299):SA has been authenticated with

*Jan 29 15:43:46.454: ISAKMP:(1299):Detected port floating to port = 4500

*Jan 29 15:43:46.454: ISAKMP: Trying to insert a peer //4500/,  and found existing one 655D4AF4 to reuse, free 63FCE984

*Jan 29 15:43:46.454: ISAKMP: Unlocking peer struct 0x63FCE984 Reuse existing peer, count 0

*Jan 29 15:43:46.454: ISAKMP: Deleting peer node by peer_reap for : 63FCE984

*Jan 29 15:43:46.454: ISAKMP: Locking peer struct 0x655D4AF4, refcount 2 for Reuse existing peer

*Jan 29 15:43:46.454: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:46.454: ISAKMP:(1299):Old State = IKE_R_MM5  New State = IKE_R_MM5

*Jan 29 15:43:46.454: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:46.458: ISAKMP:(1299):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Jan 29 15:43:46.458: ISAKMP (0:1299): ID payload

        next-payload : 8

        type         : 1

        address      :

        protocol     : 17

        port         : 0

        length       : 12

*Jan 29 15:43:46.458: ISAKMP:(1299):Total payload length: 12

*Jan 29 15:43:46.458: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.458: ISAKMP:(1299):Returning Actual lifetime: 3600

*Jan 29 15:43:46.458: ISAKMP: set new node -2086118910 to QM_IDLE

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending NOTIFY RESPONDER_LIFETIME protocol 1

        spi 1688401496, message ID = -2086118910

*Jan 29 15:43:46.458: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.458: ISAKMP:(1299):purging node -2086118910

*Jan 29 15:43:46.462: ISAKMP: Sending phase 1 responder lifetime 3600

*Jan 29 15:43:46.462: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.590: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:46.590: ISAKMP: set new node -825415819 to QM_IDLE

*Jan 29 15:43:46.590: ISAKMP:(1299): processing HASH payload. message ID = -825415819

*Jan 29 15:43:46.590: ISAKMP:(1299): processing NOTIFY INITIAL_CONTACT protocol 1

        spi 0, message ID = -825415819, sa = 6409866C

*Jan 29 15:43:46.590: ISAKMP:(1299):SA authentication status:

        authenticated

*Jan 29 15:43:46.590: ISAKMP:(1299): Process initial contact,

bring down existing phase 1 and 2 SA's with local remote remote port 4500

*Jan 29 15:43:46.590: ISAKMP:(1298):received initial contact, deleting SA

*Jan 29 15:43:46.590: ISAKMP:(1298):peer does not do paranoid keepalives.

*Jan 29 15:43:46.590: ISAKMP:(1298):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer )

*Jan 29 15:43:46.594: ISAKMP:(1299):deleting node -825415819 error FALSE reason "Informational (in) state 1"

*Jan 29 15:43:46.594: ISAKMP:(1299):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

*Jan 29 15:43:46.594: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.594: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:46.594: Delete IPsec SA by IC, local remote peer port 4500

*Jan 29 15:43:46.594: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x1195A763(295020387),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2093,

  (identity) local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/4500 (type=1)

*Jan 29 15:43:46.594: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI 0

*Jan 29 15:43:46.594: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x33196AE(53581486),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2094,

  (identity) local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/4500 (type=1)

*Jan 29 15:43:46.598: ISAKMP: set new node -1056199272 to QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1298):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Jan 29 15:43:46.598: ISAKMP:(1298):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Jan 29 15:43:46.598: ISAKMP: set new node -167706179 to QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.598: ISAKMP:(1299):purging node -167706179

*Jan 29 15:43:46.598: ISAKMP:(1299):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Jan 29 15:43:46.598: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.602: ISAKMP:(1298):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer )

*Jan 29 15:43:46.602: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.

*Jan 29 15:43:46.602: ISAKMP: Unlocking peer struct 0x655D4AF4 for isadb_mark_sa_deleted(), count 1

*Jan 29 15:43:46.602: ISAKMP:(1298):deleting node -1056199272 error FALSE reason "IKE deleted"

*Jan 29 15:43:46.602: ISAKMP:(1298):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.602: ISAKMP:(1298):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Jan 29 15:43:47.750: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:47.750: ISAKMP: set new node -930304950 to QM_IDLE

*Jan 29 15:43:47.750: ISAKMP:(1299): processing HASH payload. message ID = -930304950

*Jan 29 15:43:47.750: ISAKMP:(1299): processing SA payload. message ID = -930304950

*Jan 29 15:43:47.750: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.750: ISAKMP: transform 1, ESP_AES

*Jan 29 15:43:47.750: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.750: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.750: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.750: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.750: ISAKMP:      key length is 256

*Jan 29 15:43:47.750: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.750: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.750: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.750: ISAKMP: transform 2, ESP_AES

*Jan 29 15:43:47.750: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.750: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.750: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.750: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.750: ISAKMP:      key length is 256

*Jan 29 15:43:47.750: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 3, ESP_AES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      key length is 128

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 4, ESP_AES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      key length is 128

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 5, ESP_3DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 6, ESP_3DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 7, ESP_DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 8, ESP_DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.758: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 15:43:47.758: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 15:43:47.758: ISAKMP:(1299): processing NONCE payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299): processing ID payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299): processing ID payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299):QM Responder gets spi

*Jan 29 15:43:47.758: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 15:43:47.758: ISAKMP:(1299):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 15:43:47.758: ISAKMP:(1299): Creating IPSec SAs

*Jan 29 15:43:47.762:         inbound SA from to (f/i)  0/ 0

        (proxy to )

*Jan 29 15:43:47.762:         has spi 0x9E62C88A and conn_id 0

*Jan 29 15:43:47.762:         lifetime of 28800 seconds

*Jan 29 15:43:47.762:         outbound SA from to (f/i) 0/0

        (proxy to )

*Jan 29 15:43:47.762:         has spi  0x560114E and conn_id 0

*Jan 29 15:43:47.762:         lifetime of 28800 seconds

*Jan 29 15:43:47.762: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 15:43:47.762: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:47.762: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 15:43:47.762: ISAKMP:(1299):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 15:43:47.762: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:47.762: IPSEC(policy_db_add_ident): src , dest , dest_port 4500

*Jan 29 15:43:47.762: IPSEC(create_sa): sa created,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x9E62C88A(2657273994),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2095

*Jan 29 15:43:47.762: IPSEC(create_sa): sa created,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x560114E(90181966),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2096

*Jan 29 15:43:47.886: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:47.890: ISAKMP:(1299):deleting node -930304950 error FALSE reason "QM done (await)"

*Jan 29 15:43:47.890: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 15:43:47.890: ISAKMP:(1299):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 15:43:47.890: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:47.890: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 15:43:47.890: IPSEC(key_engine_enable_outbound): enable SA with spi 90181966/50

*Jan 29 15:43:47.890: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI 560114E

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node -1355843683

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node 547877735

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node -1647095265

*Jan 29 15:44:20.598: ISAKMP:(1296):purging SA., sa=640A43BC, delme=640A43BC
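
The negotiation outcome in a debug capture like the one above can be extracted mechanically instead of read line by line. The following Python parser is an added example, not part of the original thread: it lists each Phase 1 transform the client offered with the router's verdict, and the transform of each IPsec SA that was created. The name `parse_negotiation` and the abridged sample are assumptions, and only the message formats visible in this post are recognised.

```python
import re

# Abridged from the debug output in the post above (blank lines and repeats dropped).
SAMPLE = """\
*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC
*Jan 29 15:43:45.990: ISAKMP:      keylength of 256
*Jan 29 15:43:45.990: ISAKMP:      auth pre-share
*Jan 29 15:43:45.990: ISAKMP:      hash SHA
*Jan 29 15:43:45.990: ISAKMP:      default group 2
*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
*Jan 29 15:43:45.990: ISAKMP:      encryption 3DES-CBC
*Jan 29 15:43:45.990: ISAKMP:      auth pre-share
*Jan 29 15:43:45.990: ISAKMP:      hash SHA
*Jan 29 15:43:45.994: ISAKMP:      default group 2
*Jan 29 15:43:45.994: ISAKMP:(0):atts are acceptable. Next payload is 3
*Jan 29 15:43:47.762: IPSEC(create_sa): sa created,
  (sa) sa_dest= , sa_proto= 50,
    sa_spi= 0x9E62C88A(2657273994),
    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2095
"""

IPSEC_EVENT = re.compile(r"IPSEC\((\w+)\)")
CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTRS = {
    "encryption": re.compile(r"ISAKMP:\s+encryption (\S+)"),
    "keylength": re.compile(r"ISAKMP:\s+keylength of (\d+)"),
    "auth": re.compile(r"ISAKMP:\s+auth (\S+)"),
    "hash": re.compile(r"ISAKMP:\s+hash (\S+)"),
    "group": re.compile(r"ISAKMP:\s+default group (\d+)"),
}
REASON = re.compile(r"ISAKMP:\(\d+\):(.+ does not match policy!)")
VERDICT = re.compile(r"atts are (not )?acceptable")
SA_TRANS = re.compile(r"sa_trans= (.+?) , sa_conn_id= (\d+)")


def parse_negotiation(text):
    """Return (phase1_offers, created_ipsec_sas) from pasted IOS crypto debug text."""
    offers, sas, cur, event = [], [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue                  # forum pastes put blank lines between messages
        if not line[0].isspace():     # new log message, not an indented continuation
            m = IPSEC_EVENT.search(line)
            event = m.group(1) if m else None
        m = CHECK.search(line)
        if m:
            cur = {"transform": int(m.group(1)), "policy": int(m.group(2)),
                   "accepted": None, "reason": None}
            offers.append(cur)
            continue
        if cur is not None:
            for name, rx in ATTRS.items():
                m = rx.search(line)
                if m:
                    cur[name] = int(m.group(1)) if m.group(1).isdigit() else m.group(1)
            m = REASON.search(line)
            if m:
                cur["reason"] = m.group(1)
            m = VERDICT.search(line)
            if m:
                cur["accepted"] = m.group(1) is None
                cur = None            # later "atts are acceptable" lines belong to Phase 2
        m = SA_TRANS.search(line)
        if m and event == "create_sa":  # skip sa_trans lines inside delete_sa blocks
            sas.append((m.group(1), int(m.group(2))))
    return offers, sas


if __name__ == "__main__":
    offers, sas = parse_negotiation(SAMPLE)
    print(offers, sas, sep="\n")
```

Run against the full paste, this separates the Phase 1 transform that matched the router's ISAKMP policy from the offers that were rejected, and shows which transform the created IPsec SAs actually use.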

Cisco Employee

L2TP/IPSEC VPN - Android to Cisco Router

TBH, doesn't look like there's anything wrong with IPsec on this end (I'm stressing out _IPsec_ and _this_ end).

New Member

L2TP/IPSEC VPN - Android to Cisco Router

Yeah, that is why I am stumped. And iOS devices work fine.

GEC
New Member

Re: L2TP/IPSEC VPN - Android to Cisco Router

I have exactly the same problem with Android 8.0 connecting to a Cisco ISR 4000, IOS XE version 16.6, while Windows 10 and iPhone/iPad iOS 11.0.2 work perfectly. I managed to find an old Android 4.1 for testing the connection. No luck either. Seems Android phones don't fit Cisco routers' L2TP/IPsec tunnel at all.
