We help IT Professionals succeed at work.

VPN from ipad to Cisco PIX-501

Bill Warren
Bill Warren asked
on
3,199 Views
Last Modified: 2012-05-10
Is is possible to VPN to a PIX-501 from my ipad... in the ipsec config on the ipad it is asking me for Server, account, password, Group Name, and Secret... however with my VPN client I am just used to needing a server address, username and password is it possible to connect to the PIX?
Comment
Watch Question

Adrian CantrillSolutions Architect
CERTIFIED EXPERT

Commented:
have you tried just entering servername username and password and attempting a connection ?
Bill WarrenIT Manager

Author

Commented:
Yeah it says i need to enter a secret... I have no secret to add... if I just add anything it does accept it
Adrian CantrillSolutions Architect
CERTIFIED EXPERT

Commented:
what type of VPN have you configured on the PIX ? what protocol etc. Secrets are generally used for site2site VPN links .. odd why the ipad is prompting for that.
Bill WarrenIT Manager

Author

Commented:
ipsec
Adrian CantrillSolutions Architect
CERTIFIED EXPERT

Commented:
and you have configured it as a remote access VPN and not site to site ?
Bill WarrenIT Manager

Author

Commented:
I have it working with both VPN clients and Site to Site VPN there is no "Secret" with the site to site either
Straight from the cisco site:

"The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone. We highly recommend the 8.0(x) software release or later, but you can also use the 7.2(x) software."

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html

It mentions that at the bottom of the page...

Basically its preferred if your PIX-501 has 8.0 or later firmware installed. Then all things should work as its supposed to.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Bill WarrenIT Manager

Author

Commented:
I decided to try to VPN to my Windows Server which I did connect the first time and after that I cannot through the PIX. However i can connect locally to the server. I have opended up port 1736. I just find it odd that I connected once through the WAN but cannot connect again.

Commented:
To allow inbound MS PPTP you have to allow inbound port 1723, and GRE protocol to a static one-to-one NATed address for your server.  

access-list acl-outside permit tcp any host 45.2.2.2 eq 1723
access-list acl-outside permit gre any host 45.2.2.2

where 45.2.2.2 is your NATed IP address of your windows server.
Bill WarrenIT Manager

Author

Commented:
Thanks those lines did the trick!

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.