We are using a Secure Access Server (8.0R5) and trying to connect IKEv2 VPNs to it from Windows 8.1 devices.
It works with Windows 8.1 laptops (yay!).
However, if fails with Windows Phone 8.1 devices. The devices themselves have very little diagnostic capability, but we get the error code 13801.
The certs are all OK for the laptops, so we are struggling to understand why we are having the problem with the phones. I wondered if anyone had any ideas, or had windows phones working on this server?
I have a slight feeling that there might be different levels of DH used by the different devices - laptops 14 (2048-bit) and phones 2 (1024-bit). But I thought they were subject to negotiation and shouldn't stop connectivity? And I can't see anywhere on the server where this can be set/changed, anyway
It would be useful if we could see any logs on the VPN server. There is nothing in the user log - as no user connects. I'm not sure how we can get connection fail/success logs from the server - is this possible and if so, does anyone know of any documentation which explains how to do it?
Any help that anyone can give would be overwhelmingly gratefully received.
Is your certificate chain installed on the mobile phones as well? Yes, the DH values cannot be set If you take a TCP dump on the appliance, are you able to see the traffic from the phone? How does the IKEv2 negotiation (ISAKMP) look? If you save the trace in SSLDump format, do you see any additional messages?