10-25-2011 09:24 AM
Has anyone successfully configured a Pix 501 to communicate to a LG Phoenix (I'm assuming Android OS) via an L2TP/IPsec VPN?
10-25-2011 10:53 AM
Yes, I have a Samsung Infuse (Android Froyo) connected to ASA5510 and ASA5505. Because of the way our L2TP RA are set up I had to edit init.rc located in the root of the filesystem, and then added routes to the remote network.
For the Android settings I simply set the VPN name, ASA Address, and then PSK and connected (prompted for log in of course).
I should add that if you need to add static routes to your device, you will need to root it. I had to root my device, then copy init.rc to SD card and edit it, then copied it back overwriting the old. Once that was done I could access the remote side.
If you're not familiar with how to root your device I would suggest taking a look at tutorials and FAQs over at XDA forum - http://forum.xda-developers.com/forumdisplay.php?f=836. Looks like the LG Phoenix is under LG Optimus/P500 section.
10-27-2011 07:53 AM
Actually I was looking for a sample config for a Pix 501. I've found some for the ASA and tried modifying them for the 501 with little success (changing IKE and IPSEC parameters). It's funny, but Sonicwall has a tech article specifically dealing with the Android OS with all of the steps necessary to make a connection.
10-28-2011 12:18 PM
Seems like such a simple question but I guess no one has ever tried this. I'm now wondering if it's even possible?
10-30-2011 09:04 AM
Nobody....Anybody? Okay, I now declare that a Pix 501 and Android cannot connect!
10-31-2011 12:37 PM
Our current working config relevant to L2TP:
access-list NO_NAT extended permit ip 10.10.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list REMOTE_RA extended permit ip any 192.168.100.0 255.255.255.0
nat (Inside) 0 access-list NO_NAT
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_AES128_SHA TRANS_ESP_AES192_SHA ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 10.10.1.20 10.10.1.23
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-network-list value REMOTE_RA
 default-domain value ******.com
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 15 retry 2
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
 isakmp keepalive threshold 15 retry 2
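Added example, not part of the original posts: a small Python check that parses the "crypto isakmp policy" stanzas of a config like the one posted above and lists the policies that still offer single DES, MD5 or Diffie-Hellman group 1 for IKE phase 1. The function names, the WEAK table and the shortened sample excerpt are this example's own assumptions.

```python
import re

# Assumption of this example: values treated as weak for IKE phase 1
# (single DES, MD5, and the 768-bit DH group 1).
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}
KEYWORDS = ("authentication", "encryption", "hash", "group", "lifetime")

# Constructed excerpt: three ISAKMP policies from the posted config,
# lifetime lines omitted for brevity.
SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 1
"""


def parse_isakmp_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy N'."""
    policies, current = {}, None
    for raw in config.splitlines():
        key, _, value = raw.strip().partition(" ")
        m = re.fullmatch(r"crypto isakmp policy (\d+)", raw.strip())
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and key in KEYWORDS:
            current[key] = value  # sub-command of the open policy stanza
        else:
            current = None  # any other command ends the stanza
    return policies


def weak_settings(policies):
    """Return {priority: ['keyword value', ...]} for policies with weak values."""
    findings = {}
    for prio, attrs in sorted(policies.items()):
        hits = [f"{k} {v}" for k, v in attrs.items() if v in WEAK.get(k, ())]
        if hits:
            findings[prio] = hits
    return findings
```

Calling weak_settings(parse_isakmp_policies(text)) on a saved running config works whether or not the sub-commands kept their leading space, since each line is stripped before matching.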