1. DroidForums.net is currently undergoing a major software upgrade. If you are experiencing any problems logging in please: Contact Us

VPN Issue

Discussion in 'Android General Discussions' started by sir, Nov 9, 2009.

  1. sir
    Offline

    sir New Member

    Joined:
    Nov 9, 2009
    Messages:
    256
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Raleigh, NC
    Not really an issue with the phone as much as a missing feature, but none of the VPN Profiles in Eclair allow you to enter the "Group Name" and "Group Password" that some Cisco (and other?) VPN configurations need.

    If you know you need to enter a group name or password for your VPN connection, I haven't been able to find a way to make it work and everything I've found on the Internet has led me to believe it's not possible at this time.

    /me hopes someone can prove me wrong
  2. ppphfwhatever
    Offline

    ppphfwhatever New Member

    Joined:
    Nov 6, 2009
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    0
    i was playing around with this today too and gave up for now
  3. castalia
    Offline

    castalia New Member

    Joined:
    Nov 9, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    I have been trying to find a way to do this all day. So far all things lead me to thinking you have root the device and follow those steps. Of course I am as of yet not willing to root my phone. Has anyone had success with a CISCO style VPN connection?
  4. sir
    Offline

    sir New Member

    Joined:
    Nov 9, 2009
    Messages:
    256
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Raleigh, NC
    even if you were willing, you'd have to wait for someone to figure out how to root the device first ;)
  5. castalia
    Offline

    castalia New Member

    Joined:
    Nov 9, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    Well yes. I am aware that it isn't possible to root the Droid yet. Just curious if anyone had seen a way that did not involving rooting.
  6. sir
    Offline

    sir New Member

    Joined:
    Nov 9, 2009
    Messages:
    256
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Raleigh, NC
  7. Tekmazter
    Offline

    Tekmazter New Member

    Joined:
    Nov 15, 2009
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    0
    I've made some progress on this today. I'm able to complete both Phase 1 and Phase II of the tunnel negotiation using the Droid and CISCO 3000 concentrator. At this point I am able to complete the VPN handshake and something in the auth process fails at the very end. In other words, I can get the VPN to connect and build a tunnel.

    Just as I see traffic being passed (I do see packets encrypt and decrypt meaning two-way flow of traffic in the tunnel) I get bumped. Logs are below. Anyone else working with CISCO 3000's can also validate my work.

    %IKE-5-120: RPT=28091: 75.195.28.21: Group [75.195.28.21] PHASE 2 COMPLETED (msgid=d0a5afb9

    %L2TP-5-57: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 established

    %L2TP-5-53: RPT=4: 75.195.28.21: Session started on tunnel 75.195.28.21:50662

    L2TP-5-47: RPT=4: 75.195.28.21: Session closed on tunnel 75.195.28.21:50662 (peer 59497, local 21768, serial 302617193), reason: Call disconnected for administrative reasons

    %L2TP-5-33: RPT=4: 75.195.28.21: Exceeded rexmit limit of 4 to 75.195.28.21:50662 (Ss:3, last Nr:2)

    %L2TP-5-46: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 closed, reason: Peer no longer responding


    The group is set to use Domain authentication, not RADIUS. I'm not sure where it's failing in the auth process at this point, but that is where I'll continue to troubelshoot. Most likely I'll add a local user account on the 3000 and see if I can get it to successfully auth from there.

    The one caveat here which tells us how close this thing is to prime time is the group name. I had to create a new group on my Concentrator and set it to the IP address of my phone at the time of the connection. It appears that Verizon changes their IP's far less frequently than say AT&T and a BB I have. I've confirmed this using WhatIsMyIP.com. If you do not set the group name on the Concentrator to the IP of the phone at the time, the 3000 will not recognize the Droid VPN connection group and simply drop you at the door. This is important information however, as one would think that adding a field to specify a Group name would be easier than adding other functionality such as true IPsec VPN capabilities which BTW the Droid does not do!

    Here are my notes from the setup:

    Group Name is IP Address of Phone
    Password for group name matches password I used on my Phone
    You must enable L2TP over IPsec on the CISCO appliance
    My IPsec SA on the CISCO 3000 is set to use ESP-L2TP-TRANSPORT

    I'll update this post again with more information when I have some more time to troubleshoot.
  8. village
    Offline

    village New Member

    Joined:
    Nov 26, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    cisco ipsec vpn

    This is mostly a clarification for other technically challenged people such as myself. You need to be logged into your google account to vote on issues by starring them.

    It took me a little while to figure out that starring an issue to vote for it is simply clicking the star to the left of the word "ISSUE". So I did it.

    It became much more clear to me at the following site, how the "voting with stars" system works. If you're inclined to have your wishes come true, go to Issues - android - Project Hosting on Google Code and click "Sign in" at the top right corner of the screen, do so and you'll be able to click (the white and almost invisible) stars to the left of the issues that are most important to you such as issue 1281 (a flash player for the droid) or flash support for the droid.
  9. sir
    Offline

    sir New Member

    Joined:
    Nov 9, 2009
    Messages:
    256
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Raleigh, NC
    I unstarred it because I was sick and tired of people commenting on it and it sending me an email. No one realizes that if you want something done you just have to star it. They don't bother with comments like that.
  10. Brindall
    Offline

    Brindall New Member

    Joined:
    Jan 19, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Droid VPN

    For those interested in a Droid to Cisco VPN...

    I have not created a fully successful connection yet, but I have been messing with this off and on for a while and have learned some interesting stuff I will pass along.

    I am working with a Cisco ASA 5520.
    The groupname must be 'DefaultRAGroup' since the Droid doesn't specifically handle groupnames. The name on your Droid prob needs to be the same.
    You must set a transform set to transport mode since L2TP is transport mode only, not tunnel, and make sure this new transform is added to the dynamic crypto map.

    With these settings I am now completing Phase 2 of the VPN connection successfully, but still the Droid drops the connection. I don't know why the Droid won't complete the connection, but I think I am getting close...
  11. kxblust
    Offline

    kxblust New Member

    Joined:
    May 26, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Vpn

    I have VPN access to my company via both Cisco VPN and via Citrix Access Gateway VPN.

    I was able to get VPN access working today from my Driod via Citrix Access Gateway VPN (because that works only over HTTP/SSL port 443). However, was not able to get VPN access via Cisco VPN working (probably because it is IPSEC VPN). Of course, Cisco VPN does work better than Citrix Access Gateway for VPN in general, but Citrix Access Gateway VPN can do about 97 % of what Cisco VPN can do.
  12. rgesner
    Offline

    rgesner New Member

    Joined:
    Aug 30, 2010
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    So, what *is* the transform set that the Droid 2 uses?

Search tags for this page
android vpn authentication failed
,

android vpn ike negotiation failed

,
android vpn ike negotiation failed osx server 10.4
,

android vpn unsuccessful

,
cisco concentrator 3000 samsung galaxy note 3
,

droid vpn authentication failed

,
droidvpn fail to set ip address fix
,
droidvpn failed ip address on galaxy s4
,
galaxy s4 vpn not work cisco asa
,
ike negotiation failed andrioid
,

ike negotiation failed android

,
samsung s4 success use driodvpn
,
verizon vpn group name
,
vpn 3000 samsung vpn
,
vpn android - ike negotiation failed