Link to home
Create AccountLog in
Avatar of Bill Warren
Bill WarrenFlag for United States of America

asked on

VPN from ipad to Cisco PIX-501

Is is possible to VPN to a PIX-501 from my ipad... in the ipsec config on the ipad it is asking me for Server, account, password, Group Name, and Secret... however with my VPN client I am just used to needing a server address, username and password is it possible to connect to the PIX?
Avatar of Adrian Cantrill
Adrian Cantrill
Flag of Australia image

have you tried just entering servername username and password and attempting a connection ?
Avatar of Bill Warren


Yeah it says i need to enter a secret... I have no secret to add... if I just add anything it does accept it
what type of VPN have you configured on the PIX ? what protocol etc. Secrets are generally used for site2site VPN links .. odd why the ipad is prompting for that.
and you have configured it as a remote access VPN and not site to site ?
I have it working with both VPN clients and Site to Site VPN there is no "Secret" with the site to site either
Straight from the cisco site:

"The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone. We highly recommend the 8.0(x) software release or later, but you can also use the 7.2(x) software."

It mentions that at the bottom of the page...

Basically its preferred if your PIX-501 has 8.0 or later firmware installed. Then all things should work as its supposed to.
Avatar of gavving
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I decided to try to VPN to my Windows Server which I did connect the first time and after that I cannot through the PIX. However i can connect locally to the server. I have opended up port 1736. I just find it odd that I connected once through the WAN but cannot connect again.
To allow inbound MS PPTP you have to allow inbound port 1723, and GRE protocol to a static one-to-one NATed address for your server.  

access-list acl-outside permit tcp any host eq 1723
access-list acl-outside permit gre any host

where is your NATed IP address of your windows server.
Thanks those lines did the trick!