Global Protect and Android 4.0.4 - problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect and Android 4.0.4 - problem

L4 Transporter

Hello

I have working VPN for Windows machines. I need to extend it for Android devices, using client from Android OS.

I'm using login and passwords (not certs) in my VPN config.

I followed by the GlobalProtect-Config-Android-RevB.pdf  - part 3



When I try to start VPN on Sony Ericsson Xperia S smartfon I see connecting and after 2-3 minuts - connection timeout.

On PA in logs I have:


1: (ike-nego-p1-start) IKE phase-1 negotiation is started as responder, aggressive mode. Initiated SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.

2. (ike-nego-p1-fail) IKE phase-1 negotiation is failed as responder, aggressive mode. Failed SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb. Due to timeout.

3. (ike-nego-p1-delete) IKE phase-1 SA is deleted SA: 94.124.14.140[500]-46.77.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.

My portal has commercial SSL certificate.

I can open portal web page without any cert warning (ssl cert is marked as a green and trusted), so I think that isn't a GP certyficate problem.

I tryed to change user password, IKE secret, group name.

Have you any idea what is wrong in my config?

Regards

Slawek

11 REPLIES 11

L6 Presenter

Hi,

how many routes do you have ? (gateway access route)

I have only one 0.0.0.0/0

did you try with another phone ?

no ... I haven't any other android based phone.

Could someone help me to diagnose this problem  on CLI level?

Any Android device above 4.0.3 should be able to connect (as long as the manufacturer has not made changes to the VPN mechanism which some do)

we had similar issue and after upgrade phone to 4.1.x it was fixed.

any extra logs when using the command less mp-log ikemgr ?

Also if you haven't read yet, you may see the comments on bottom which have similar issue

I cant (officially) upgrade to 4.1.x my smartfon Smiley Sad

I tryed to make some troubleshooting according to but without success. I need to try it but with WiFi connection (now I was using HSDPA/3G)

I alredy read comments, so like other people I need to open case at support.

Thank You for your help

Regards

SLawek

Hi

I have one information more ... The same android smartfon when is connected via WiFi can estabilish VPN connection without errors!!!

but... there isn't any traffic on VPN tunnel Smiley Sad

My GSM operator change my APN settings in phone and now I can connect by VPN to my PAN device.

Problem with no traffc still exist. If someone has a idea how to solve it please drop a massage.

With regards

Slawek

that is strange.

if you have another public ip try to add another global protect gateway(no portal needed) and write an access route as internal subnet and see if you have access.

I did it - nothing has changed. My phone still displayed 0 packet up/down.

  • 4076 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!