Solved

VPN from ipad to Cisco PIX-501

Posted on 2010-11-08
11
3,073 Views
Last Modified: 2012-05-10
Is is possible to VPN to a PIX-501 from my ipad... in the ipsec config on the ipad it is asking me for Server, account, password, Group Name, and Secret... however with my VPN client I am just used to needing a server address, username and password is it possible to connect to the PIX?
0
Comment
Question by:afsfire
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34087737
have you tried just entering servername username and password and attempting a connection ?
0
 

Author Comment

by:afsfire
ID: 34087770
Yeah it says i need to enter a secret... I have no secret to add... if I just add anything it does accept it
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34088284
what type of VPN have you configured on the PIX ? what protocol etc. Secrets are generally used for site2site VPN links .. odd why the ipad is prompting for that.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:afsfire
ID: 34088311
ipsec
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34088327
and you have configured it as a remote access VPN and not site to site ?
0
 

Author Comment

by:afsfire
ID: 34088346
I have it working with both VPN clients and Site to Site VPN there is no "Secret" with the site to site either
0
 
LVL 2

Expert Comment

by:kingdingathing
ID: 34090834
Straight from the cisco site:

"The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone. We highly recommend the 8.0(x) software release or later, but you can also use the 7.2(x) software."

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html

It mentions that at the bottom of the page...

Basically its preferred if your PIX-501 has 8.0 or later firmware installed. Then all things should work as its supposed to.
0
 
LVL 9

Accepted Solution

by:
gavving earned 500 total points
ID: 34096656
A PIX 501 cannot support anything higher than 6.3.5.  So don't go try loading 8.0 on it.  

There actually is a 'secret' pre-shared-key password configured for IPSec VPN clients on your PIX-501.  If you looked at the config under the 'vpngroup' section there would be a line that indicated the password.  But it will be stared out and you won't be able to read it.  Likewise the PCF files you're using for your Cisco VPN client are likely already configured with this pre-shared-key password.  

If you don't know what it is, you can try to get it by using TFTP to save a copy of the configuration to a TFTP server.  The file that's created on the TFTP server will have the password saved in clear text.

Whether or not the Ipad/Iphone will work correctly against the PIX with 6.3.5, I'm not positive that it will.  You might have to upgrade to an ASA-5505 to support it.
0
 

Author Comment

by:afsfire
ID: 34097251
I decided to try to VPN to my Windows Server which I did connect the first time and after that I cannot through the PIX. However i can connect locally to the server. I have opended up port 1736. I just find it odd that I connected once through the WAN but cannot connect again.
0
 
LVL 9

Expert Comment

by:gavving
ID: 34097372
To allow inbound MS PPTP you have to allow inbound port 1723, and GRE protocol to a static one-to-one NATed address for your server.  

access-list acl-outside permit tcp any host 45.2.2.2 eq 1723
access-list acl-outside permit gre any host 45.2.2.2

where 45.2.2.2 is your NATed IP address of your windows server.
0
 

Author Comment

by:afsfire
ID: 34097587
Thanks those lines did the trick!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
nexus filter logs 3 42
Is it possible to use 1 DNS server for Site to Site VPN and 1 for Internet traffic? 8 35
CISCO Router 1 29
AWS Design\Cisco Meraki 4 20
In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now