iPhone can't get through ASA5510

[JBruyet]

Hey all, I'm trying to access my network using my iPhone 3GS and not having any luck. From what I've read I should be able to use the Cisco IPSec client software and connect right through but it's not happening. From what I've read by Googling this issue it should connect right up. I tried connecting using the Cisco client on my laptop and it works fine. Has anyone here had any problems connecting your iPhone through your ASA and fixed the problem? If so please help!

Thanks,

Joe B

 

[unclerico]

have you run any crytop debugs??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[JBruyet]

unclerico, I'm afraid I don't even know what a "cryptop debug" is let alone how to run one. I don't speak IOS either so if that's a part of it I may have to pay for someone to come in and fix this. AND I'm trying to save all I can in my budget.

Thanks,

Joe B

 

[unclerico]

ok. do you have credentials to log on to the asa?? if so i can walk you through debugging.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[JBruyet]

LOL, yes I can get into the device but my Cisco knowledge ends right about there. If you send me the steps I'll follow them and get back to you with the results.

Thanks,

Joe B

 

[unclerico]

ok. really it's one step; enter the following command:

debug crypto isakmp sa

post the output from that and we'll take a look

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[JBruyet]

Should I try my iPhone access just before I run this command or can I run it whenever I can get back to my IDF room.

Thanks,

Joe B

 

[JBruyet]

Well, I just tried it to see what I would see and I'm getting the following error:

ciscoasa> debug crypto isakmp sa
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa> debug crypto isakmp sa
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa> enable
Password: *******
ciscoasa# debug crypto isakmp sa
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# crypto debug isakmp sa
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# exit

On the last command I reversed debug and crypto in case that was a part of the problem. I didn't think of it at the time but are any of the commands case-sensitive? All other aspects of the ASA are working fine.

Thanks for the help,

Jobee

 

[JBruyet]

Sorry! I'm looking over my post and I see that the ^ is off a bit. For the first three occurences it should be under the "d" in debug. for the last occurence it should be under the "y" in crypto.

Thanks,

Joe B

 

[bagz]

bump
anyone have any luck getting it to connect. i will be trying to make this work soon and any tips are great...

 

[JBruyet]

Hey bagz, I thought I posted the fix here but apparently I did it somewhere else. My bad. The problem wound up being an unchecked check box. I know the menu path but not the specific check box:

ASDM
Configuration
VPN
IKE
Global Parameters

I'll get into it later and let you know what it was.

Joe B

 

[bagz]

Hey Joe,

any news on this?

thanks,

Joe C.

 

[JBruyet]

I apologize!!!! I totally forgot about this. I'll see what I can find now.

Sorry!

Joe B

 

[JBruyet]

bagz, check out this link and go to the last post at the bottom of the page. THAT is what did it for me:

http://www.naxja.org/forum/showthread.php?t=1000744

Lemme know if it works for you.

Thanks,

Joe B