08-09-2013 07:54 AM
Hello
I have working VPN for Windows machines. I need to extend it for Android devices, using client from Android OS.
I'm using login and passwords (not certs) in my VPN config.
I followed by the GlobalProtect-Config-Android-RevB.pdf - part 3
When I try to start VPN on Sony Ericsson Xperia S smartfon I see connecting and after 2-3 minuts - connection timeout.
On PA in logs I have:
1: (ike-nego-p1-start) IKE phase-1 negotiation is started as responder, aggressive mode. Initiated SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.
2. (ike-nego-p1-fail) IKE phase-1 negotiation is failed as responder, aggressive mode. Failed SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb. Due to timeout.
3. (ike-nego-p1-delete) IKE phase-1 SA is deleted SA: 94.124.14.140[500]-46.77.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.
My portal has commercial SSL certificate.
I can open portal web page without any cert warning (ssl cert is marked as a green and trusted), so I think that isn't a GP certyficate problem.
I tryed to change user password, IKE secret, group name.
Have you any idea what is wrong in my config?
Regards
Slawek
08-09-2013 09:02 AM
I have only one 0.0.0.0/0
08-09-2013 09:18 AM
did you try with another phone ?
08-10-2013 03:38 AM
no ... I haven't any other android based phone.
Could someone help me to diagnose this problem on CLI level?
08-10-2013 04:33 AM
Any Android device above 4.0.3 should be able to connect (as long as the manufacturer has not made changes to the VPN mechanism which some do)
we had similar issue and after upgrade phone to 4.1.x it was fixed.
any extra logs when using the command less mp-log ikemgr ?
08-10-2013 04:57 AM
I cant (officially) upgrade to 4.1.x my smartfon 
I tryed to make some troubleshooting according to but without success. I need to try it but with WiFi connection (now I was using HSDPA/3G)
I alredy read comments, so like other people I need to open case at support.
Thank You for your help
Regards
SLawek
08-12-2013 01:16 AM
Hi
I have one information more ... The same android smartfon when is connected via WiFi can estabilish VPN connection without errors!!!
but... there isn't any traffic on VPN tunnel
08-12-2013 02:00 AM
My GSM operator change my APN settings in phone and now I can connect by VPN to my PAN device.
Problem with no traffc still exist. If someone has a idea how to solve it please drop a massage.
With regards
Slawek
08-12-2013 02:08 AM
that is strange.
if you have another public ip try to add another global protect gateway(no portal needed) and write an access route as internal subnet and see if you have access.
08-13-2013 12:34 AM
I did it - nothing has changed. My phone still displayed 0 packet up/down.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
