Cisco VPN broken as of v17 MR2

Hi together,

It seems that the Cisco VPN for Apple iOS is broken again with the update to MR2.

While I'm still not able to save any certificate based setup, I recreated my PSK setup with MR2, but the problem still persists.

 

This is what the SYSTEM log says when I'm trying to connect with an iPhone:

SYSTEM | 2017-12-07 07:35:40 | IPSec | Expire | IKE_SA timed out before it could be established | 18057
SYSTEM | 2017-12-07 07:35:20 | IPSec | Failed | parsing IKE message from <inet ip of iphone>[17583] failed | 18052
SYSTEM | 2017-12-07 07:35:17 | IPSec | Failed | parsing IKE message from <inet ip of iphone>[17583] failed | 18052
SYSTEM | 2017-12-07 07:35:14 | IPSec | Failed | parsing IKE message from <inet ip of iphone>[17583] failed | 18052
SYSTEM | 2017-12-07 07:35:11 | IPSec | Failed | parsing IKE message from <inet ip of iphone>[17583] failed

 

Thanks and best regards

Dom Nik

  • We have the same issue with a site-to-site tunnel between two XGs.

     

    Regards,

    Max

  • In reply to MRHU:

    Update:

    I solved the issue by reducing the PSK complexity:

    - Working solution with MR1: 128 characters, alphanumeric + special chars

    - Working solution with MR2: <= 32 characters, alphanumeric (special chars not tested yet)

  • In reply to Dom Nik:

    Hi,

    Did you manage to get this working with certs? I raised this a while back on the Beta forums and Alda gave a ticket number and they were looking to fix it.

    It seems the fix made it into the latest version but there are still issues.

    Thanks

  • In reply to waghelak:

    Actually you could have done it with 64 characters or less (or maybe it is 62).

  • In reply to Big_Buck:

    I tried it with 64 characters alphanumeric which gave me the same error.

     

    --> An official statement from the Sophos crew would be nice. :-)

  • In reply to waghelak:

    I haven't managed to get this to work with certificates so far.

    The problem occurs already within the XG setup: When I try to save a Cisco VPN setup with certs it says "Cloud not be saved".

    I'm using certificates from my own PKI and haven't found out what the problem with these certificates could be...