keatscon
asked on
IOS VPN Configuration for iPhone
Does anyone have a sample configuration for an IOS router that will allow an iPhone to connect to it via a VPN tunnel? If so, would you please post it here?
ASKER
Thank you elsewhere1, but the iPhone, as far as I know, will not work with this the way we need it to.
We are supposed to make a direct VPN connection between an iPhone and the IOS based device, whether it is an ASA or IOS router using an IPSec tunnel.
Oh, I assumed it had to be done on a router. From the ASA it's cake:
! Address pool handed out to VPN clients
ip local pool vpn-pool 10.4.8.0-10.4.10.255 mask 255.255.252.0
! AAA servers used to authenticate VPN users
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS host x.x.x.x
 timeout 5
 key DEFINEAKEYHERE
aaa-server vpn protocol radius
aaa-server vpn host x.x.x.x
 key THEABOVEKEY
! IPsec transform set and dynamic crypto map on the outside interface
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
! ISAKMP (IKE) settings
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
! Group policy and tunnel group for remote-access clients
group-policy _groupname_ internal
group-policy _groupname_ attributes
 dns-server value x.x.x.x
 vpn-session-timeout 36000
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 split-tunnel-policy tunnelspecified
tunnel-group _groupname_ type remote-access
tunnel-group _groupname_ general-attributes
 address-pool vpn-pool
 authentication-server-group RADIUS
 default-group-policy _groupname_
tunnel-group _groupname_ ipsec-attributes
 pre-shared-key YOURKEYAGAIN
iPhone stuff here:
https://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iphone.html
ASKER
elsewhere1,
Appreciate your quick responses and the example configurations you have provided, but have you used these configurations in connecting an iPhone to an ASA or IOS Router?
Am looking for a configuration example from someone that has actually configured an ASA or IOS Router to support an iPhone connection.
Have gone to the link you, and many others, have posted and have found no real useful information that tells me how to configure an IOS router to allow iPhones to connect. That is why I am looking for an example configuration from someone that has actually done this so that I can learn from their pain and experience.
I've used the configuration for the ASA, I use it now. Not for an iPhone. It's all a matter of the client side settings.
Generate a self signed cert:
!--- Self-Signed Certificate Information
crypto pki trustpoint OURCERTNAME
 enrollment selfsigned
 serial-number none
 ip-address none
 revocation-check crl
 rsakeypair OURCERTNAME 1024
!
crypto pki certificate chain OURCERTNAME
 certificate self-signed 02
  30820240 308201A9 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
!---------------------
!--- the WebVPN Gateway
webvpn gateway OurName
 ip address x.x.x.x port 443
 http-redirect port 80
 ssl trustpoint OURCERTNAME
 inservice
!--- the WebVPN Context
webvpn context webvpn
 title-color #CCCC66
 secondary-color white
 text-color black
 ssl authenticate verify all
 !--- resources available to the client
 port-forward "portforward_list_1"
  local-port 3002 remote-server "172.22.1.20" remote-port 110 description "Pop3 Email"
  local-port 3001 remote-server "172.22.1.30" remote-port 23 description "Telnet"
 !--- the group policy
 policy group policy_1
  port-forward "portforward_list_1"
 default-group-policy policy_1
 aaa authentication list sdm_vpn_xauth_ml_1
 gateway OurName domain webvpn
 max-users 2
 inservice
When someone authenticates on the page, Java will build a list of available applications based on what's in the port forward list.
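
An added example, not part of the thread or any poster's code: a small Python audit that reads the crypto settings out of configs like the two posted above (the ASA ISAKMP policy and transform set, and the IOS rsakeypair line) and lists the ones below a review baseline. The thresholds and the audit function are assumptions of this example; it tracks the policy block by keyword rather than indentation, because pasted configs often lose their indentation.

```python
import re

# Assumed review thresholds (this example's choice, not taken from the thread).
WEAK_ENC, WEAK_HASH, WEAK_DH = {"des", "3des"}, {"md5"}, {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}
MIN_RSA_BITS = 2048
POLICY_SUBCOMMANDS = {"authentication", "encryption", "hash", "group", "lifetime"}

# Constructed sample: crypto lines copied from the two posted configs,
# flattened (no indentation) the way forum pastes usually arrive.
SAMPLE = """crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
group-policy _groupname_ internal
crypto pki trustpoint OURCERTNAME
rsakeypair OURCERTNAME 1024
"""

def audit(config):
    """Return (location, setting, reason) tuples for legacy crypto settings."""
    findings, policy = [], None  # policy: current "crypto isakmp policy N"
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        line = " ".join(words)
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            policy = "isakmp policy " + m.group(1)
        elif policy and words[0] in POLICY_SUBCOMMANDS:
            value = words[1] if len(words) > 1 else ""
            weak = {"encryption": WEAK_ENC, "hash": WEAK_HASH, "group": WEAK_DH}
            if value in weak.get(words[0], ()):
                findings.append((policy, line, "legacy " + words[0]))
        else:
            policy = None  # any other command closes the policy block
            m = re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", line)
            if m:
                findings += [("transform-set " + m.group(1), t, "legacy transform")
                             for t in m.group(2).split() if t in WEAK_TRANSFORMS]
            m = re.fullmatch(r"rsakeypair (\S+) (\d+)", line)
            if m and int(m.group(2)) < MIN_RSA_BITS:
                findings.append(("rsakeypair " + m.group(1), line, "RSA key too short"))
    return findings

if __name__ == "__main__":
    for location, setting, reason in audit(SAMPLE):
        print(f"{location}: {setting} ({reason})")
```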