ADA 5505 VPN setup for iphone cisco client.

jtgalo used Ask the Experts™
I already have a client VPN setup for my windows clients.  I would like to setup VPN access for our iphones.  I have not found any clear direction on the specific setting for the iphone on the ASA.  I know the current VPN group doesnt work:)

Do I need to create its own group and policies?  Are there specific ports/config required for the iphone to connect?  Secret phase... Is this the group key?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Les MooreSr. Systems Engineer
Top Expert 2008
What version ASA OS? You should have 8.0 or better
You might have to build the VPN profile off the phone
Top Expert 2010
I had a client complete this recently using the following:

On the Iphone side:

"IKE phase 13DES encryption with SHA1 hash method.
"IPSec phase 23DES or AES encryption with MD5 or SHA hash method.
"PPP AuthenticationPAP, MS-CHAPv1, or MSCHAPv2 (preferred).
"Pre-shared key (only for iPhone).

On the asa side, you would need to add something like the following example:

tunnel-group DefaultRAGroup general-attributes
address-pool pool
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
authentication ms-chap-v2
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto dynamic-map dyno 10 set transform-set set trans
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp identity auto
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400  
crypto isakmp nat-traversal 3600


Good luck.  

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial