ipad VPN to Cisco ASA 5520

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Post Reply
Guest

ipad VPN to Cisco ASA 5520

Post by Guest » Thu Jul 22, 2010 3:16 pm

Hi,

 

Im trying to get my ipad to VPN to our Cisco ASA5520.

 

I believe I have all of the settings correct on both ends I am able to vpn to the asa using a cisco 871 as the remote client.

 

I suspect that for some reason the vpn client on the ipad isn even getting to the asa. My question is: How can I monitor the ASA logs to see if the connection is even being attempted and possibly find the failure?

 

Thanks

 

M


Guest

Re:ipad VPN to Cisco ASA 5520

Post by Guest » Thu Jul 22, 2010 4:08 pm

try :-

debug crypto isakmp

debug crypto ipsec

sh vpn-sessiondb remote  ( to see if client is connected )

 

I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.

 

hope it helps

Manish


Guest

Re:ipad VPN to Cisco ASA 5520

Post by Guest » Thu Jul 22, 2010 5:36 pm

What does your dynamic crypto map use for its transform set?  I ran into a similar issue where ipsec clients hw/sw could connect, but not IPad.  I had to configure the dynamic map to also use 3des/md5 to make it work.

 

But as last person mentioned, debug for crypto isakmp and ipsec to make sure the device can reach the ASA.


Guest

Re:ipad VPN to Cisco ASA 5520

Post by Guest » Thu Jul 22, 2010 5:41 pm

Hi,

Finally got it to work. Thanks for the tip on how to watch debug stuf for ipsec.

 

I saw that the problem was no address pool was assigned to the tunnel group.

 

This leads to a new question but Ill post another thread.

 

Tanks again!

 

M


Post Reply