Cisco ASA 55xx IPSec with iPhone

Status
Not open for further replies.

forrie

MIS
Mar 6, 2009
91
0
0
US
I've a project to enable VPN access with the latest iPhone 3G(S) to our internal networks. The stock configuration does not work -- it appears also that there are certain items you can't modify (proposals, etc).

I found an older link which may be helpful, that has a config at the end:


Most of the configuration they show there is fairly standard.

I'm not (yet) an ASA expert...

First, I wonder if anyone else here has worked on solving this problem; and, if so, what you did to get this working.

We have basically one splitTunnelAcl group defined which has characteristics that apply to the general client IPSec VPN (address pool, etc).

What I don't really understand here with the config at the above URL (for example) is the need to create a separate group and if that's the case, will we need to include VPN account logins into that group, or will the others work... or can users be members of multiple groups.

I'd really appreciate some assistance getting this working -- it's been a big frustration.

Thank you in advance.
 
Small note, we have:

crypto isakmp nat-traversal 10

vs 20.

and we don't use any WINS servers, being mostly a UNIX shop.


 
What does your config look like? I've got iPhone 3GSs working on multiple 5505s and a 5510.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Which part of the config do you need - I think posting an entire config here might be noisy. There are minor differences, such as the nat-traversal number (ours is 10).

I noticed you can't configure the IKE proposals under the iPhone, etc. The client has limited configurability (is that a word).

I also understand that the iPhone requires MSCHAP. We also don't have the ASA configured to route all the client traffic, just the traffic that applies to our internal networks (we don't want to be an ISP). I read somewhere that the iPhone pretty much requires this (all traffic).
 
I had this issue as well, and what stopped me was that the ASA IOS version must be 8.0 or higher. Try that first.
 
I have seen configs that when posted look like they would bring Tek-Tips servers to their knees...lol

Don't worry about how long the config is---most of the time, we cannot think of all pertinent info we may need to help your situation...

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 