IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Im trying to get my ipad to VPN to our Cisco ASA5520.
I believe I have all of the settings correct on both ends I am able to vpn to the asa using a cisco 871 as the remote client.
I suspect that for some reason the vpn client on the ipad isn even getting to the asa. My question is: How can I monitor the ASA logs to see if the connection is even being attempted and possibly find the failure?
debug crypto isakmp
debug crypto ipsec
sh vpn-sessiondb remote ( to see if client is connected )
I configured ipad for remote vpn client , the user was able to connect to the 5520 but for reason i had to use ip addresses to access but i couldnt use internal dns names. trying to figure that out as of right now.
hope it helps
What does your dynamic crypto map use for its transform set? I ran into a similar issue where ipsec clients hw/sw could connect, but not IPad. I had to configure the dynamic map to also use 3des/md5 to make it work.
But as last person mentioned, debug for crypto isakmp and ipsec to make sure the device can reach the ASA.
Finally got it to work. Thanks for the tip on how to watch debug stuf for ipsec.
I saw that the problem was no address pool was assigned to the tunnel group.
This leads to a new question but Ill post another thread.