VPN Iphone to Cisco ASA

Posted on 2009-06-29
Medium Priority
Last Modified: 2012-05-07
ASA Version 8.0(4)

Can someone please explain how to setup a VPN tunnel from an Iphone to Cisco ASA?
Question by:dufff
1 Comment
LVL 33

Accepted Solution

MikeKane earned 2000 total points
ID: 24737438
ASA does support that....  

Ono the Iphone side:

"IKE phase 13DES encryption with SHA1 hash method.
"IPSec phase 23DES or AES encryption with MD5 or SHA hash method.
"PPP AuthenticationPAP, MS-CHAPv1, or MSCHAPv2 (preferred).
"Pre-shared key (only for iPhone).

On the asa side, you would need to add something like the following example:

tunnel-group DefaultRAGroup general-attributes
address-pool pool
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
authentication ms-chap-v2
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto dynamic-map dyno 10 set transform-set set trans
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp identity auto
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400  
crypto isakmp nat-traversal 3600

Reference: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/l2tp_ips.html#wp1046219

Good luck.  

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Just after setting up Cloud PBX connectivity and migrated Skype users to SFBO, we noticed inbound calls not working but outbound calls would work.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question