SAMSUNG ACE - L2TP over IPSEC

Hi my friends,

My first round was with iPhones using Cisco VPN. So far I could connect only 1 iPhone; I haven't had luck with the rest of them.

Now I'm trying to connect a Galaxy ACE with Android 2.3.4. I've been checking each parameter according to threads from astaro.org, but I'm getting an error message "can't connect with network". I'm using L2TP over IPSEC with PSK.

Here is what I did:

On ASG:
Remote Access->L2TP over IPSec
Interface: External (WAN)
Authentication: Preshared key
Preshared key: any PSK of your choice
Repeat: repeat PSK

Assign IP address: IP address pool
Pool Network: VPN Pool (L2TP)

Authentication via: Local
User and Groups



Network Security->NAT->Masquerading

Network: VPN Pool (L2TP)
Interface: External (WAN)
Use address: >

Enable the masquerading rule.

Network Security->Packet Filter

Source: VPN Pool (L2TP)
Service: Any
Destination: Internal (Network)
Action: Allow
Time Event: >

Enable the packet filter rules.

On the phone:
VPN Name: Any name you choose

Set VPN server: hostname.astaro.com

Set IPSec pre-shared key: whatever key you chose on ASG

Enable L2TP Secret: leave unchecked

DNS search domains: not set

IPSEC logs are showing this:

2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [RFC 3947]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012:07:05-08:35:31 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[3] x.x.x.x #20588: responding to Main Mode from unknown peer x.x.x.x
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[3] x.x.x.x #20588: Peer ID is ID_IPV4_ADDR: 'y.y.y.y'
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: deleting connection "S_REF_IpsL2t1_1"[3] instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: sent MR3, ISAKMP SA established
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:07:05-08:35:33 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: responding to Quick Mode
2012:07:05-08:35:34 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: IPsec SA established {ESP=>0x0ac7236h 
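
Added example, not part of the original post: a small parser that reads pluto lines in the format shown above and reports how far each peer got in the IKEv1 negotiation. The sample log is constructed (documentation addresses, made-up state numbers and SPI), and the function names are this example's own.

```python
import re

# Constructed sample in the same pluto format as the log above.
SAMPLE = """\
2012:07:05-08:35:31 gw pluto[100]: packet from 198.51.100.7:500: ignoring Vendor ID payload [RFC 3947]
2012:07:05-08:35:31 gw pluto[100]: "S_REF_IpsL2t1_1"[3] 198.51.100.7 #7: responding to Main Mode from unknown peer 198.51.100.7
2012:07:05-08:35:32 gw pluto[100]: "S_REF_IpsL2t1_1"[4] 198.51.100.7 #7: sent MR3, ISAKMP SA established
2012:07:05-08:35:33 gw pluto[100]: "S_REF_IpsL2t1_0"[2] 198.51.100.7 #7: responding to Quick Mode
2012:07:05-08:35:34 gw pluto[100]: "S_REF_IpsL2t1_0"[2] 198.51.100.7 #7: IPsec SA established {ESP=>0x00000001}
2012:07:05-08:36:10 gw pluto[100]: "S_REF_IpsL2t1_1"[5] 203.0.113.9 #8: responding to Main Mode from unknown peer 203.0.113.9
"""

# Lines tied to a connection look like: pluto[pid]: "conn"[n] peer #state: message
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)$'
)

# Responder milestones in order, using the wording pluto prints in the log above.
STAGES = [
    ("responding to Main Mode", "phase 1 started"),
    ("ISAKMP SA established", "phase 1 complete"),
    ("responding to Quick Mode", "phase 2 started"),
    ("IPsec SA established", "phase 2 complete"),
]


def furthest_stage(log_text):
    """Return {peer: index into STAGES} for the furthest milestone each peer reached."""
    reached = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "packet from ..." Vendor ID lines carry no connection name
        for idx, (needle, _label) in enumerate(STAGES):
            if needle in m["msg"]:
                reached[m["peer"]] = max(idx, reached.get(m["peer"], -1))
    return reached


def report(log_text):
    """Return {peer: human-readable label of the furthest milestone}."""
    return {peer: STAGES[idx][1] for peer, idx in furthest_stage(log_text).items()}


if __name__ == "__main__":
    for peer, stage in report(SAMPLE).items():
        print(f"{peer}: {stage}")
```

A peer that reaches "phase 2 complete", as the excerpt above does in its last line, has finished the IKE/IPsec negotiation, so a connection that still fails has to be traced in the layers that run on top of it (L2TP tunnel setup and PPP user authentication), which the IPsec log does not show.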



  • Source: VPN Pool (L2TP)
    Service: Any
    Destination: Internal (Network)
    Action: Allow
    Time Event: >

    I think you want 'Destination: Internet'

    Enable L2TP Secret: leave unchecked

    I'm not sure what they mean by that.

    DNS search domains: not set

    Again - not sure what they mean.  However, that reminds me - do you have 'Remote Access >> Advanced' configured?

    Cheers - Bob