Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN IPSec for Apple Iphone

We have some users that want to connect to our network using the Iphone. They belong to Tech and are trusted. I can get it so the Iphone connects to the ASA an authenticates against our server but once on it can't browse anywhere. It gets an IP on the 192.168.10.x network which is our main network. In the config I have a tunnel group setup marked xx.xx.xx that is a Site-To-Site tunnel that works. The TermServer/WebVPN is something that was setup by an outside vendor and the DefaultRAGroup somebody was fiddling around with. The tunnel group I setup is called iphone.

5 REPLIES
New Member

Re: Cisco VPN IPSec for Apple Iphone

Sorry here is my config

Green

Re: Cisco VPN IPSec for Apple Iphone

1. The vpn client pool should always be a separate subnet from inside.

ip local pool iphonepool 172.16.x.1-172.16.x.254 mask 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 172.16.x.0 255.255.255.0

tunnel-group iphone general-attributes

authentication-server-group RadiusServer

default-group-policy iphone

address-pool iphonepool

2. Add "crypto isakmp nat-traversal".

New Member

Re: Cisco VPN IPSec for Apple Iphone

Thanks for the response. I can now with your configuration changes get onto our network and can get around our network fine using IP's or hostnames so I know DNS works. But the second I try to access the internet it can't get outside. Do I need to put a route somewhere on my network? Normally anybody that plugs into our network can get onto the internet fine. I don't think I need to do split tunnels or anything.

Green

Re: Cisco VPN IPSec for Apple Iphone

So if I understand correctly, you want to access the internet with the iphone while you are connected to the vpn? You can either split tunnel or setup something like this...

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1 172.16.x.0 255.255.255.0

Please rate helpful posts.

New Member

Re: Cisco VPN IPSec for Apple Iphone

I just did split tunneling and it works very well. Thanks.

644
Views
0
Helpful
5
Replies
CreatePlease to create content