Global Protect and Android 4.0.4 - problem

Reply
Highlighted
L4 Transporter

Global Protect and Android 4.0.4 - problem

Hello

I have working VPN for Windows machines. I need to extend it for Android devices, using client from Android OS.

I'm using login and passwords (not certs) in my VPN config.

I followed by the GlobalProtect-Config-Android-RevB.pdf  - part 3



When I try to start VPN on Sony Ericsson Xperia S smartfon I see connecting and after 2-3 minuts - connection timeout.

On PA in logs I have:


1: (ike-nego-p1-start) IKE phase-1 negotiation is started as responder, aggressive mode. Initiated SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.

2. (ike-nego-p1-fail) IKE phase-1 negotiation is failed as responder, aggressive mode. Failed SA: XXX.XXX.14.140[500]-YYY.YYY.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb. Due to timeout.

3. (ike-nego-p1-delete) IKE phase-1 SA is deleted SA: 94.124.14.140[500]-46.77.124.120[23744] cookie:010170c511f3d5d2:9d6cb13fb537cabb.

My portal has commercial SSL certificate.

I can open portal web page without any cert warning (ssl cert is marked as a green and trusted), so I think that isn't a GP certyficate problem.

I tryed to change user password, IKE secret, group name.

Have you any idea what is wrong in my config?

Regards

Slawek

Highlighted
L6 Presenter

Re: Global Protect and Android 4.0.4 - problem

Hi,

how many routes do you have ? (gateway access route)

L4 Transporter

Re: Global Protect and Android 4.0.4 - problem

I have only one 0.0.0.0/0

Highlighted
L6 Presenter

Re: Global Protect and Android 4.0.4 - problem

did you try with another phone ?

Highlighted
L4 Transporter

Re: Global Protect and Android 4.0.4 - problem

no ... I haven't any other android based phone.

Could someone help me to diagnose this problem  on CLI level?

Highlighted
L6 Presenter

Re: Global Protect and Android 4.0.4 - problem

Any Android device above 4.0.3 should be able to connect (as long as the manufacturer has not made changes to the VPN mechanism which some do)

we had similar issue and after upgrade phone to 4.1.x it was fixed.

any extra logs when using the command less mp-log ikemgr ?

Highlighted
L6 Presenter

Re: Global Protect and Android 4.0.4 - problem

Also if you haven't read yet, you may see the comments on bottom which have similar issue

Highlighted
L4 Transporter

Re: Global Protect and Android 4.0.4 - problem

I cant (officially) upgrade to 4.1.x my smartfon :smileysad:

I tryed to make some troubleshooting according to but without success. I need to try it but with WiFi connection (now I was using HSDPA/3G)

I alredy read comments, so like other people I need to open case at support.

Thank You for your help

Regards

SLawek

Highlighted
L4 Transporter

Re: Global Protect and Android 4.0.4 - problem

Hi

I have one information more ... The same android smartfon when is connected via WiFi can estabilish VPN connection without errors!!!

but... there isn't any traffic on VPN tunnel :smileysad:

Highlighted
L4 Transporter

Re: Global Protect and Android 4.0.4 - problem

My GSM operator change my APN settings in phone and now I can connect by VPN to my PAN device.

Problem with no traffc still exist. If someone has a idea how to solve it please drop a massage.

With regards

Slawek

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!