IP Phone VPN connection to ASA using Anyconnect

Hello,
I will be configuring my first Anyconnect VPN to allow an IP Phone to connect over the internet.  I wanted to know what the best practice is in generating a certificate on the ASA...is self generating ok or get one from a CA?  What are the cons of using a self generating certificate?  Also, I would appreciate any links to configure Anyconnect and installing/generating certificates.
Thanks 

The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
http://www.cisco.com/en/US/netsol/ns1246/index.html
PS- Jason could have found out details in advance since DiData has partner NDA status.
Please remember to rate helpful responses and identify helpful or correct answers.

Similar Messages

  • Jabber client and IP Phone SSL VPN to ASA using AnyConnect

    Also, for Jabber 9.1, can the Jabber for X softphone client (CUCM) fire up an SSL VPN directly to the ASA, similar to how 7965s can? Is anyone aware whether Jabber 10 or the next version will support the Jabber client with ASA? I have this deployed with 7965s and certificates, but I have to manually start an AnyConnect session for Jabber for Windows on my laptop.
    https://supportforums.cisco.com/docs/DOC-9124

    The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
    http://www.cisco.com/en/US/netsol/ns1246/index.html
    PS- Jason could have found out details in advance since DiData has partner NDA status.
    Please remember to rate helpful responses and identify helpful or correct answers.

  • VPN connection terminated, Smartcard Error - AnyConnect 3.1.03103

    Hello,
    We have upgraded our AnyConnect Client from V3.0.4235 to V3.1.03103. After the upgrade, I can authenticate with RSA. After authentication, AnyConnect starts the connection, but it fails with the error message "VPN connection terminated, Smartcard Error". We use the machine certificate to encrypt the SSL connection. We don't use smart cards. When I disable the smartcard reader (DELL Wireless 5540 HSPA Mini-Card USIM Port) in the device manager, the connection is established.
    In version 3.0.08057 it works too. The error occurs only from version 3.1.03103 and only on Windows 7 Prof. Under Win XP it works.
    How can I disable the smartcard query?
    Thanks for help or answers.
    Daniel

    Hi Daniel,
    This is a known issue on systems with the Dell 5540, and 5550 card, Cisco bug ID is CSCue30862. You cannot disable querying of this card.  The fix for this issue is in the next release of AnyConnect.
    Thanks,
    Steve S.

  • IP Phone SSL VPN to ASA using AnyConnect

    I have a CUCM 7.1.5. We are using Phone proxy today. I wanted to upgrade to IP phone SSL VPN.
    I know that in 8.x and 9.x the Phone Proxy is not supported and Cisco supports SSL VPN.
    However, the question is whether CUCM 7.1.5 supports Phone SSL VPN.
    Lastly,
    I hear about Collaboration Edge in CUCM 10.x.
    If CUCM 10.x is deployed, then how does the ASA concept play a role here?
    What type of license would I need for Collaboration Edge to register the endpoints/phones from outside of the network?
    I can't find any information about Collaboration Edge on the Internet...
    Message was edited by: Sean Poure

    The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
    http://www.cisco.com/en/US/netsol/ns1246/index.html
    PS- Jason could have found out details in advance since DiData has partner NDA status.
    Please remember to rate helpful responses and identify helpful or correct answers.

  • VPN connection to WRVS4400N using a Samsung Galaxy tablet

    I have a Samsung Galaxy 10.1 tablet and have been trying to connect to my WRVS4400N router with VPN through the "on board" software as well as with the AnyConnect software from Cisco.  I have no issues at the moment using Quick VPN from my laptop.
    When using the Any Connect software I receive the following messages:
    Security warning: untrusted certificate
    AnyConnect cannot verify the identity of <IP address>.  Would you like to continue anyway?
    - Certificate does not match the server name.
    - Certificate is from an untrusted source.
    - Certificate is not identified for this purpose
    [Accept]  [Details]  [Cancel]
    If I select accept, the following error is received:
    "Error:  Connection attempt has failed due to server communication errors.  Please retry the connection".
    I have tried setting up the on board VPN with the Samsung Galaxy but every attempt has resulted in a time-out of the connection.
    Any assistance would be greatly appreciated.  Thanks.

    Hi Blair,
    The WRVS4400N only works with the QVPN software. The only small business router that currently works with Cisco AnyConnect VPN is the SA500 series.
    I hope this helps.....
    Thanks,
    Tori Woods
    Cisco Support Engineer
    CCNA, CCNA Wireless

  • IPSEC VPN Connection

    I have created an IPsec VPN connection between an ASA router 500 and a Netgear VPN ProSafe 318. The problem I'm running into is, I have my separate from the above connection, I'm only trying to give access to one server. The other side can ping my IP, but I cannot ping the other side at all, and when I do a tracert, it is not utilizing the VPN, it is using the internet. What is it that I'm missing or did wrong?
    This topic first appeared in the Spiceworks Community


  • [Mac OS X] Problems setting up L2TP VPN Connection

    I recently moved from Windows to Mac OS X (10.6.6). Unfortunately this move was not as smooth as I hoped, and I am currently facing some issues with the VPN connection to the company I work for. As with many companies, they do not have a Mac guide, and I am trying to solve this issue, but so far unsuccessfully.
    To access my data on the company’s server (MS TS Environment) I need to establish a L2TP-IPsec VPN connection. I used Mac OS X built in network tool and filled out all the necessary information such as vpn address, shared secret/key, password and accountname. I even double checked the information various times so no spelling errors occurred. After some seconds I receive the message that the L2TP-VPN-server does not respond.
    I checked other posts already and I checked the box that sends all traffic via this VPN connection, but without any results. For a moment I suspected that the cause of this issue might be my home network: MBA <-> Timecapsule <-> Thomson TG789 … however, when I make an L2TP VPN connection using a Windows XP or Vista PC this can be done without problems (using the same network structure), so I guess it is a Mac-related problem either with my MBA (Mac OS X) or with the company's servers…
    I found out that using the console.app can provide me with some more information about the connection process:
    - L2TP connecting to server
    - IPSec connection started
    - IKE Packet: transmit success.
    - IKE Packet: receive success.
    After a couple of attempts, from the 6th message it suddenly shows:
    - IKE Packet: receive failed.
    - IKE Packet: transmit success.
    - IKE Packet: receive failed.
    - IKEv1 Phase1: maximum retransmits.
    - IKE Packets Receive Failure-Rate Statistic.
    And this finally results in 'IPSec connection failed'
    Does anyone have an idea of what the problem might be (e.g. the settings of the Mac or the settings of the company's VPN or ???) and maybe a solution for this problem?
    Many thanks from a newbie but satisfied Mac-user!

    Hi, I have the same problem with the establishing VPN connection using L2TP without IPsec.

  • Configuring PPP options for only one VPN connection

    How do you configure PPP options for only one VPN connection that is using L2TP over IPSec? The built-in VPN client in 10.4.9 is failing authentication because it won't talk MSCHAP-V2 (this is the only authentication protocol I can use) with the server. I am able to establish a connection if I add the following to /etc/ppp/options:
    refuse-eap
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    However, these options will affect all PPP connections. The preference file that contains the network configurations (/Library/Preferences/SystemConfiguration/preferences.plist) also contains PPP options for each specific network service. After some searching around, I found that there are several keys that seem promising (MSCHAP2, etc.). But these keys take a string value and I have no clue what they should be. These keys are defined in SCSchemaDefinitions.h file.
    Any ideas?
      Mac OS X (10.4.9)  

    Hi Brian,
    I just tried to check all of ADDT's "includes" files for any internal references (read: "require" or "require_once" statements) to the file "tNG_config.inc.php". So far I can only see this file referenced in the file "tNG.inc.php" (within the "$KT_tNG_uploadFileList1" array).
    So what could this mean? Maybe you'll have to make copies of the original "tNG.inc.php" as well and save them as, say, "tNG.inc_ital.php" file plus make sure that these copies internally point to a different "tNG_config_ital.inc.php" file -- because it's always the first mentioned file which gets referenced from e.g. an ADDT login page (see the "Load the tNG classes" - part)
    I want to use ADDT’s User Registration Wizard and I have looked at all the neat stuff in the Control Panel/Login Settings
    The Control Panel will always update the main "tNG_config.inc.php" file, so any further modifications will have to be manually applied to the custom files you're creating.
    Cheers,
    Günter

  • VPN Connectivity from Mac to Windows Server

    I have been using Windows all my life. I recently bought a new Mac, and it is my first time using Mac OS X Leopard, so I don't know much. I tried to connect my Mac to a Windows VPN using the built-in Mac VPN connectivity, which uses a tunneling protocol. I am successful in establishing connectivity to the Windows server, but the problem is that it still uses the IP address assigned by the router while browsing sites, and not the IP address of the VPN machine. The reason I use VPN connectivity is to bypass an ISP who blocks most of the useful sites. I tried to set proxy settings in my Safari browser, but failed, and automatic proxy does not work either. Can someone help me and tell me how to achieve what I am trying to achieve using a Mac?

    exero –
    Though this will be a pain it will help trace down the problem.
    Since you are attempting to VPN to the SBS, what happens if you connect the Mac locally? Does the RDP connection map the drives, and can you map to the SBS shares directly?
    What happens if you try connecting with a PC via the VPN?
    Also (though risky) I would open all the ports on your firewall that point to the SBS and try connecting to the VPN again with the Mac and see what happens. (Don’t forget to close them back.)
    Below are two links that may provide some additional information. The first is from Microsoft and lists all of the ports used by MS products. The second one is a public post that focuses on SBS 2003.
    http://www.microsoft.com/smallbusiness/support/articles/refnet_ports_msprod.mspx
    http://www.howtonetworking.com/sbs/rwwports.htm
    Best of Luck –
    BH

  • ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface

    I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
    Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
    Is this possible?
    Thanks,
    Tommy

    When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
    I have seen this scenario working earlier, though, with one of my clients, wherein he had configured his DNS server so that, depending upon the source of the DNS request, an appropriate IP address was provided for the same DNS name. For example, if a user from the IP address range 192.168.0.0 connects to abc.com then it will get IP address 192.168.1.1, and if a user from the IP address range 10.0.0.0 connects then it will get 10.1.1.1.
    If we configure the same scenario, then your requirement will be fulfilled with the same name; however, VPN has to be enabled on the wireless interface again. If not, then as you have described, configuring a new domain name for the VPN connection only for wireless users should do the deal.
    Regards,
    Anuj

  • AnyConnect on Apple iOS - VPN-Connect via HTTP-Proxy

    Hi,
    is it possible, that the AnyConnect-Client for Apple iOS (i.e. iPAD) automatically uses the configured HTTP-Proxy in the WLAN properties for the establishment of the VPN-Connection (via SSL/TLS)?
    I've tested it, but it does not work. In the documentation is stated, that VPN establishment via HTTP-Proxy works only in Windows (AnyConnect uses the IE Proxy settings to connect to the ASA for VPN establishment).
    Thanks

    As per w2k3 sniffer trace, 2851 requesting with user=vpnfamily and encrypted password. The password "Password1" which is VPN group's key sending to IAS?
    ->I have "vpnfamily" with password "Password1" but no luck
    Event log shows "Fully-Qualified-User-Name = INFRA\vpnfamily". INFRA is AD NetBIOS name. 2851 router's domain name is "family.com"
    ->Is this something wrong?

  • ASA 5505 VPN Connection Issue

    Good morning everyone,
    At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintenance I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements, Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!
    Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.
    Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:
    I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
    I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
    I cannot access my Seagate network storage drive.
    This is what I discovered:
    My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
    After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
    When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
    When I launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
    When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".
    This explains all of the symptoms:
    My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
    TradeStation refuses connection to their network because my credentials do not match my network address.
    There is no Seagate network storage device on the remote server network.
    My questions to the Cisco Support Community are:
    Is this the best I can hope for?
    Must all traffic be routed through the VPN connection?
    Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?
    Thank you everyone for your help. I would be happy to provide additional detailed information.

    Hi Brian,
    you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.
    This doc shows how to setup the access control list and apply this to the tunnel policy.
    Hope this helps
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
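
The split-tunnel behaviour described in this reply, as an added example (not from the thread or from the linked Cisco document): it renders the ASA split-tunnel lines for 10.0.0.0/16 and models which adapter each destination uses, with tunnel-all modelled the way the question reports it. The ACL name, the group-policy name and the four destination addresses are constructed placeholders.

```python
import ipaddress

# Adapter names as reported by IPCONFIG in the question.
LOCAL_IF = "Wireless Network Connection"   # 192.168.0.5, gateway 192.168.0.1
VPN_IF = "Local Area Connection 2"         # 10.0.10.4, gateway 10.0.10.1

# Constructed destinations standing in for the symptoms listed in the question.
DESTINATIONS = {
    "leased server": "10.0.10.20",
    "ISP SMTP relay": "198.51.100.25",
    "TradeStation": "203.0.113.10",
    "home NAS": "192.168.0.20",
}


def _networks(cidrs):
    """Parse CIDR strings, normalise host bits and merge overlapping entries."""
    nets = (ipaddress.ip_network(c, strict=False) for c in cidrs)
    return list(ipaddress.collapse_addresses(nets))


def split_tunnel_config(cidrs, acl_name="SPLIT_TUNNEL_ACL",
                        group_policy="RA_VPN_POLICY"):
    """Render ASA lines that tunnel only the given networks.

    acl_name and group_policy are hypothetical names; use the ones that
    already exist in the ASA configuration.
    """
    lines = [
        f"access-list {acl_name} standard permit {n.network_address} {n.netmask}"
        for n in _networks(cidrs)
    ]
    lines += [
        f"group-policy {group_policy} attributes",
        " split-tunnel-policy tunnelspecified",
        f" split-tunnel-network-list value {acl_name}",
    ]
    return lines


def egress(dest, tunnel_cidrs):
    """Return the adapter a destination uses.

    tunnel_cidrs=None models tunnel-all as observed in the question: every
    destination, including the home LAN, goes to the VPN adapter.
    """
    if tunnel_cidrs is None:
        return VPN_IF
    addr = ipaddress.ip_address(dest)
    in_tunnel = any(addr in net for net in _networks(tunnel_cidrs))
    return VPN_IF if in_tunnel else LOCAL_IF


def plan(tunnel_cidrs):
    """Map each sample destination to the adapter it would leave through."""
    return {name: egress(ip, tunnel_cidrs) for name, ip in DESTINATIONS.items()}


if __name__ == "__main__":
    print("\n".join(split_tunnel_config(["10.0.0.0/16"])))
    for policy in (None, ["10.0.0.0/16"]):
        print("tunnel-all" if policy is None else f"split {policy}")
        for name, iface in plan(policy).items():
            print(f"  {name:15s} -> {iface}")
```

Everything outside the listed networks leaves unencrypted over the home connection, so the list should contain only the networks that actually sit behind the ASA.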

  • Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

    We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is displayed by the Cisco VPN Client:
    "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
    Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
    Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
    Any insight would be greatly appreciated.
    I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
    Thanks much,
    Justin

    Javier,
    I logged into the ASA last time the VPN went down. I issued the following commands:
    debug crypto isakmp 190
    debug crypto ipsec 190
    capture outside-cap interface outside match udp any any
    I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
    show capture outside | include 500
    and also got nothing. So I issued the following command:
    ping 4.2.2.2
    Upon which my normal debug messages began to show up, so I issued the show capture outside command again and received the expected output below:
       1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
       2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
       3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
       4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
       6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
       8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
       9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
      10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
      11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
      12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
      13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
      14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
      19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
      20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
      21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
      23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
    174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
    377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100
    It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
    Once again, any insight would be greatly appreciated.
    Thanks,
    Justin
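
One way to check a `show capture` dump like the one in this post for the "Reason 412" symptom (IKE packets to UDP 500 that never get a reply), as an added example that is not part of the thread. The first ten sample lines are copied from the capture above; the four `REMOTE_IP.1149` lines are constructed to show an unanswered flow, and the `OFFICE_IP` gateway label follows the post's redaction.

```python
import re
from collections import defaultdict

IKE_PORT = 500

# Matches lines such as:
#   1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+.*?"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+udp\s+(?P<len>\d+)"
)

CONSTRUCTED = """\
   1: 15:43:30.100000 802.1Q vlan#2 P0 REMOTE_IP.1149 > OFFICE_IP.500:  udp 868
   2: 15:43:35.100000 802.1Q vlan#2 P0 REMOTE_IP.1149 > OFFICE_IP.500:  udp 868
   3: 15:43:40.100000 802.1Q vlan#2 P0 REMOTE_IP.1149 > OFFICE_IP.500:  udp 868
   4: 15:43:45.100000 802.1Q vlan#2 P0 REMOTE_IP.1149 > OFFICE_IP.500:  udp 868
"""

FROM_POST = """\
   1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
   2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
   3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
   4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
   5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
   6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
   7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
   8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
   9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
  10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
  70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
"""

SAMPLE = CONSTRUCTED + FROM_POST


def parse_capture(text):
    """Turn capture lines into packet dicts; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hours, minutes, seconds = m["ts"].split(":")
        packets.append({
            "ts": int(hours) * 3600 + int(minutes) * 60 + float(seconds),
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "len": int(m["len"]),
        })
    return packets


def ike_flows(packets, gateway):
    """Count IKE packets sent to and answered by the gateway, per client (host, port)."""
    flows = defaultdict(lambda: {"sent": 0, "answered": 0, "first": None, "last": None})
    for p in packets:
        if p["dst"] == gateway and p["dport"] == IKE_PORT:
            key, field = (p["src"], p["sport"]), "sent"
        elif p["src"] == gateway and p["sport"] == IKE_PORT:
            key, field = (p["dst"], p["dport"]), "answered"
        else:
            continue  # not IKE on UDP 500, e.g. the UDP 10000 tunnel traffic
        flow = flows[key]
        flow[field] += 1
        flow["first"] = p["ts"] if flow["first"] is None else min(flow["first"], p["ts"])
        flow["last"] = p["ts"] if flow["last"] is None else max(flow["last"], p["ts"])
    return dict(flows)


def unanswered(flows, min_sent=3):
    """Clients that sent at least min_sent IKE packets and got no reply at all."""
    return sorted(k for k, f in flows.items()
                  if f["answered"] == 0 and f["sent"] >= min_sent)


if __name__ == "__main__":
    flows = ike_flows(parse_capture(SAMPLE), gateway="OFFICE_IP")
    for client, flow in sorted(flows.items()):
        print(client, flow)
    print("no reply from gateway:", unanswered(flows))
```

A client that shows up here as unanswered reached the ASA and was ignored; a client that is missing from the ASA capture while its own capture shows sends to UDP 500 was dropped before the outside interface, which is the case described in this post.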

  • How can I debug VPN connections on a Cisco ASA?

    Hi,
    I have a Cisco ASA and I am trying to get a Cisco 877 DSL router connected to it using the ASDM VPN wizard, but can't.
    I have just had the 877 DSL router connect to my Cisco Concentrator and have simply changed the peer address on the router to now point to the ASA's external IP instead of the Concentrator. The Concentrator is good because I like its real-time event viewer and it can tell me if the Concentrator is even seeing the connection attempt, but how can I do all this on the ASA?
    Thanks

    show isa sa
    - that will show the status of phase 1
    show cry ipsec sa
    - that will show the status of phase 2, as well as number of encrypted/decrypted packets

  • Using the personal hotspot feature on the iPhone 5, I am able to connect to the internet.  We also use Juniper NCP client to access our system remote.  A VPN connection is created, but I am unable to access servers on our network.  This works on iPhone 4.

    Using the personal hotspot feature on the iPhone 5, I am able to connect to the internet.  We also use Juniper NCP client to access our local system from a remote location.  A VPN connection is created, but I am unable to access servers in our network.  This same functionality works using my colleague's iPhone 4.
    Both phones are running iOS 6.1.3.  I tried to reset network settings, but still unable to ping servers in our network.  This is a feature that our sales team relies heavily on when out of the office.  Hoping someone has some suggestions on what is different between the 2 phones.

    Hi,
    Generally, this issue should be related with something called split tunneling, since you’re using a F5 vpn client, you need to look for something related to split tunneling in the F5 VPN client's documentations.
    Here is an example, share it with you as a reference.
    http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_2_0/apm_config_networkaccess.html
    In addition, you can refer to the link below for more solution about this problem.
    You Cannot Connect to the Internet After You Connect to a VPN Server
    http://support.microsoft.com/kb/317025
    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
    Yolanda Zhu
    TechNet Community Support
