cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2191
Views
0
Helpful
5
Replies

android and pix 501

jgadbois
Level 1
Level 1

Has anyone successfully configured a Pix 501 to communicate to a LG Pheonix (I'm assuming android OS) via a L2TP/IPSEC vpn?

5 Replies 5

seanwaite
Level 1
Level 1

Yes, I have a Samsung Infuse (Android Froyo) connected to ASA5510 and ASA5505. Because of the way our L2TP RA are set up I had to edit init.rc located in the root of the filesystem, and then added routes to the remote network.

For the Android settings I simply set the VPN name, ASA Address, and then PSK and connected (prompted for log in of course).

I should add that if you need to add static routes to your device, you will need to root it. I had to root my device, then copy init.rc to SD card and edit it, then copied it back overwriting the old. Once that was done I could access the remote side.

If your not familiar with how to root your device I would suggest taking a look at tutorials and FAQs over at XDA forum - http://forum.xda-developers.com/forumdisplay.php?f=836. Looks like the LG Phoenix is under LG Optimus/P500 section.

Actually I was looking for a sample config for a Pix 501.  I've found some for the ASA and tried modifying them for the 501 with little success (changing IKE and IPSEC parameters).  It's funny, but Sonicwall has a tech article specifically dealing with the Android OS with all of the steps necessary to make a connection.

Seems like such a simple question but I guess no one has ever tried this.  I'm now wondering if it's even possible?

Nobody....Anybody?  Okay, I now declare that a Pix 501 and Android cannot connect!

seanwaite
Level 1
Level 1

Our current working config relevent to L2TP:

access-list NO_NAT extended permit ip 10.10.1.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list REMOTE_RA extended permit ip any 192.168.100.0 255.255.255.0

nat (Inside) 0 access-list NO_NAT

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_AES128_SHA TRANS_ESP_AES192_SHA ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map OUTSIDE_MAP interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption aes

hash sha

group 1

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 40

authentication pre-share

encryption 3des

hash sha

group 1

lifetime 86400

crypto isakmp policy 50

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 70

authentication pre-share

encryption 3des

hash md5

group 1

lifetime 86400

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value 10.10.1.20 10.10.1.23

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-network-list value REMOTE_RA

default-domain value ******.com

tunnel-group DefaultL2LGroup ipsec-attributes

isakmp keepalive threshold 15 retry 2

tunnel-group DefaultRAGroup general-attributes

address-pool L2TP

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *****

isakmp keepalive threshold 15 retry 2

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: