L2TP IPSEC to Cisco ASA

I've been trying this as well. With about the same luck.

When I attempt to connect from my iPhone I get:

"Received encrypted packet with no matching SA, dropping"

However, from my 10.4.9 machine I get:

"Removing peer from correlation table, no match".

Drop me an email and we'll exchange some config notes if you'd like.

After 7 hours of working on this tonight I finally got it working. Ahh.. I have my new iPhone working with a Cisco ASA w/ L2TP.

The Cisco documentation is wrong. Instead of using a transport protocol with 3DES-MD5 use ESP-3DES-MD5.

For iPhone users:
Apple has its share of problems with the iPhone in this regard as well.

1) The VPN password does not save. You must enter it each time you try and bring up the VPN but the screen to enter the password only allows numeric characters. Therefore, make sure your remote access user account is numbers only.

2) Neither Split-tunneling nor the proxy setting in the VPN config works. I ran a packet capture on it and the iPhone never sends the request to the internal proxy server. Therefore, at least at this time, put aside all hopes of using the iPhone w/ VPN and being online at the same time. You'll have to bring up the VPN each time you want to sync mail or access internal web servers.

3) Finally, because of these limitations it seems better to me to enable the Email Proxy services on the ASA and tunnel inbound IMAPS and STMPS to the internal email servers. This eliminates the need for the VPN device (as long as you don't need web access to internal web servers).

Use tunnel, not transport.