Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Problems with xauth and iphone vpn

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problems with xauth and iphone vpn

L1 Bithead

Hi,

I have a iphone (ios 7) what i am trying to connect to our global connect vpn setup.

Android have the same problem, and computers using the global connect client is working fine.

This worked fine some time ago, but now I am not able to pass any traffic through the vpn. Looks like there is a issue with default route.

We have not the global connect licens, so are using the Cisco System adapter function.

PA is running 5.0.4


Anyone have this issue, and know how to solve it?

1 accepted solution

Accepted Solutions

L1 Bithead

I have solved this problem.

Iphone and android have issues with nat, and how to encapsulate esp within a udp-package.

Solved this by insering a reverse proxy before the global protect portal and enabling SNAT.

Now both iphone and android work fine.

Thanks for all help

View solution in original post

8 REPLIES 8

L4 Transporter

Hello Klumpen,

Per my recent update Iphone 5S model is 64 bit OS and the support for GP is yet to come. But looks like the issue is seen on Android devices too. In that case I would suggest to collect logs on the cell phone from GP client and the logs would share details if the default route details was passed from the portal to the device.

Thanks

L6 Presenter

That's correct. 5s is 64bit OS and currently not supported. Partial support should be made readily available in several days so stay tuned. Full support requires an update to OS from Apple and I believe they are working on that as well.

I have iphone 5, and are using the "cisco virtual adapter" vpn, not the global protect client.

This worked fine before.

if it worked before check if you have access routes more than 1 or not ?

L1 Bithead

It looks like there is a problem with esp and iphone/android/xauth.  Is there any way to force esp to encapsulate into a udp? This is for sure a firewall and a nat issue.

Are you using an iPhone 5 or 5s?  I have tested X-Auth with IOS7 on the iPhone 5 and I have not seen any issues on both Wifi and LTE connections.

Tried both Iphone 4S, 5 and many androids. Android workes sometime fine on wlan, but never 3g.

Iphone works always fine on 3g, but have some issues on wlan.

L1 Bithead

I have solved this problem.

Iphone and android have issues with nat, and how to encapsulate esp within a udp-package.

Solved this by insering a reverse proxy before the global protect portal and enabling SNAT.

Now both iphone and android work fine.

Thanks for all help

  • 1 accepted solution
  • 5193 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!