Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3426 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2tp over ipsec with ipad

bobby_digital
Hi All,

I am configuring my IPAD runing IOS 6.1.3 with My Astaro device running 
9.105-9. I am using remote access L2TP OVER IPSEC without the certificate as I am using PFS. 

When I try to connect i'm getting vpn didnt respond from IPAD and Failed login attempt when I check the logs. 

09:28:42 pluto[30709]: packet from 172.22.49.148:500: unsupported exchange type ISAKMP_XCHG_AGGR in message
2013:09:10-09:28:42 pluto[30709]: packet from 172.22.49.148:500: sending notification UNSUPPORTED_EXCHANGE_TYPE to 172.22.49.148:500

Debugs:

2013:09:10-00:33:03 pluto[19153]: packet from 172.22.49.148:500: received Vendor ID payload [RFC 3947]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: received Vendor ID payload [XAUTH]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [Cisco-Unity]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: received Vendor ID payload [Dead Peer Detection]
2013:09:10-00:33:03  pluto[19153]: packet from 172.22.49.148:500: initial Main Mode message received on 98.230.170.140:500 but no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER

I followed the document to the letter and even changed the override host name to match which I am thinking shouldn't matter since i'm not using certificates.



Any help would be greatly appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    Try it, it's cool and quick.  The other neat thing with iOS is to first get the OpenVPN app from the iTunes store and configure SSL VPN Remote Access in the UTM.  Then the Profile also populates the OpenVPN configuration in the iPhone.  It's now my preferred method because certificates are more secure than PSKs and the SSL VPN method works with Active Directory authentication.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thank you for your help. I used the import settings via the portal to open vpn on the IPAD. 

    Worked liked a charm.

    Thanks again!!!!!
Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML