** I know that this can be done with the app if I have the GP license, this isn’t the target here **
I have a PA-220 that I can’t get licensed (was given to me by a colleague but tied to his old work so to get it licensed would cost more than the PA-440 I just ordered has cost me.
I am going to get a trial license applied to the 220 so I can get it loaded with the latest TP content package but then after that it’s going to be running unlicensed.
I set the Group name and password for X-Auth support and tried with my phone to get it to connect via IPSEC VPN on my android but cannot for the life of me make it work.
From my digging it seems like few if any have actually made it work.
Anyone on here successfully made this work? can you give some pointers on what steps you took?
I would like for my dad to VPN from his phone.
Worst case he can VPN to mine as I’ll have the license and access his resources from the always-on VPN I’m setting up.
Thanks in advance legends 
XAUTH works well and all you need to do is configure the GP VPN gateway and add the XAUTH Group Name and password and you’ll be good to go. The native Cisco VPN client on an iPhone/Mac, Android, or Linux can be configured to work with this IP or associated FQDN applied on this endpoint.
Charging a substantial premium for mobile device support has been a dumb choice by PAN IMHO. They should just charge a few bucks per app.
have you made it work with the android built in VPN capability?
My Samshit has ikev2/ipsec w/ psk (fails, palo log shows unknown connection), l2tp/ipsec (fails because well its not l2tp…) and ipsec/x-auth with psk: this shows like it succeeds phase 2 in the palo logs but the phone just says that its fails to connect.
Maybe i’ll download the cisco vpn client and try it. But yes I agree, charging extra for linux/mac/phone support is a shit move.
So was that the Cisco anyconnect client?
What configuration did you set on the client? The options look like primarily cert auth methods.
bump u/bodgiewan. I still had no luck, cisco anyconnect vpn client i couldnt get around what type of connection it should be.
