I'm not very good at IPsec, so this is as much a learning exercise for me as anything...
Comparing to what I see when I connect L2TP/IPsec with my iPhone, "FRAGMENTATION" and the two instances of "Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8ec7cbfd" seem strange to me. Is the load balancing device also a firewall? Is it perhaps blocking port 50 or 51? Is Google or your ISP blocking 4500?
Also, I wonder if the NATing in front of the Astaro isn't confusing the client in the Android.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005