So the previous thread we were discussing Apple iOS.  Now you may have had the same issues with Andoid with it becomming more popular.
First issue when configuring the ASA is the IKEv1 key exchange that goes on.  When a device attempts to connect, the client is asked to provide all of the key schemes that it supports.  Android 4.1+ and IOS 7 give out (in order)
Android

AES-CBC 256 Seconds 28800 SHA1 DH Gp 2
AES-CBC 256 Seconds 28800 MD5 DH Gp 2
AES-CBC 128 Seconds 28800 SHA1 DH Gp 2
AES-CBC 128 Seconds 28800 MD5 DH Gp 2
3DES-CBC Seconds 28800 SHA1 DH Gp 2
3DES-CBC Seconds 28800 MD5 DH Gp 2
DES-CBC Seconds 28800 SHA1 DH Gp 2
DES-CBC Seconds 28800 MD5 DH Gp 2

iOS 7

AES-CBC 256 Seconds 3600 SHA1 DH Gp 5
AES-CBC 256 Seconds 3600 SHA1 DH Gp 2
AES-CBC 128 Seconds 3600 SHA1 DH Gp 2
AES-CBC 256 Seconds 3600 MD5 DH Gp 5
AES-CBC 256 Seconds 3600 MD5 DH Gp 2
AES-CBC 128 Seconds 3600 MD5 DH Gp 2
3DES-CBC Seconds 3600 SHA1 DH Gp 2
3DES-CBC Seconds 3600 MD5 DH Gp 2
DES-CBC Seconds 3600 SHA1 DH Gp 2
DES-CBC Seconds 3600 MD5 DH Gp 2

Now we have these values we can look at configuring the ASA to support native IOS and Andoid clients using x509 Certificate authentication.   Its pretty obvious that the top one is the most secure, trailing off to blatantly insecure…….
Time for post 3……..