CISCO VPN Client Only Connects 2/5 Attempts

XG Experts,

I've successfully configured the CISCO VPN™ Client in XG Firewall v16. iOS and macOS clients will connect, but usually not on the first attempt. Oftentimes, they won't connect for a number of minutes and then all of a sudden, they connect immediately. When an error is given (and not just a timeout), the error is "Negotiation with the VPN server failed."

I'm using the iOS profile downloaded from the user portal and I'm at a bit of a loss as to what might be wrong. For the record, this happens across a number of networks (cellular, cable, and fiber).

Thoughts, comments, suggestions, ideas as to where to start?

Thanks in advance for the help!

chobo997



  • Hi,

    Check #1 in the guide here. Post the logs for the unsuccessful attempts.

    Thanks

  • Thanks so much for the reply, sachingurung.

    I've investigated a bit further and even did a clean install – activating only the CISCO VPN Client and necessary firewall rules. We have a clue from the System log:

    "EST-P1: Peer did not accept any proposal sent."

    This error occurs with both iOS and macOS devices using Apple's built-in Cisco IPsec client. I'm starting to think this could be a larger issue with XG Firewall's Cisco VPN and iOS/macOS devices. I haven't had a chance yet, but I plan to set up a regular road warrior IPsec tunnel to see if the results are any different.

    What other thoughts do you have on the subject?

    Thanks again!

  • Hi All,

    Mac updates from 10.11.4 add support for the AES 256 encryption algorithm; refer to https://support.apple.com/en-us/HT206154.

    Due to this change, iOS clients are not able to connect via Cisco VPN on XG. This is reported under NC-10213. No ETA from the developers.

    Thanks

  • Hi sachingurung,

    Could you provide an update on this issue reported under NC-10213? It's been two months and I'm sure numerous Apple users are affected by this inability to connect using the built-in Cisco IPSec implementation.

    Thank you!

  • Hi,

    The Cisco VPN client on Apple devices uses the AES 256 encryption algorithm, which is not supported by the XG firewalls for Cisco VPN connectivity. Please raise it as a feature request here and post the links so that everyone can cast their vote for it.

    Thanks

  • Hi all,

    I wonder if there is any news on this topic?

    It seems as if the Cisco IPsec VPN with Apple devices is still broken/unstable in the latest release. I have tried various setups using a PSK and certificates, but none of the solutions work stably or in an acceptable way. :-(

    In the v17-thread a new IPsec implementation is mentioned. Will this also affect the Cisco VPN implementation?

    community.sophos.com/.../331679

    Thanks in advance

    Best Regards

    Dom Nik