know if any of the SA500 series routers work we the iPad built in Cisco VPN connection? I have read only quickvpn and another brand. I checked the IPSec log and i see............. 2010-09-08 16:18:09: ERROR: Could not find configuration for....................
Thanks in advance
In build Cisco VPN Client on MAC / iPad is currently not supported on SA500 series router. You can download 'IPSecuritas' VPN client for MAC and can find the technical document (Configuring an IPSec VPN Tunnel between a Cisco SA500 and Mac IPSecuritas Client) on www.cisco.com
QuickVPN client is remote VPN solution for Windows based platform.
Are you referring to Cisco VPN client solution for Apple based devices?
The new firmware (2.1.18.img) of SA500 released earlier this month has support for Cisco VPN client for both MAC and Windows products.
Yes, this works fine with an iPhone. The "Group Name" on the iPhone / iPad side must match the "Connection Name" given to the VPN Wizard ("Remote Access" VPN type) on the SA side: it will create an IKE Policy and a VPN Policy, both identified by this name.
However, it seems that the SA firmware implementation of ModeConfig has a problem with DNS (cf. https://supportforums.cisco.com/thread/2066265?tstart=10) and you may need to provide the IP address of the host you want to connect to.
Thank for the tip, I can now connect to the router, but for some reason i dont seem to be able to connect to lan based services through for example the browser. nor can i ping into the lan
We would like to provide the steps for how to configure SA500 device compatible with ipad/iphone built in Cisco IPSec VPN client.
1. Login to SA500 and go to VPN Wizard page.
2. Select VPN Type as "Remote Access".
3. Enable "Cisco VPN Client Option" and configure the required details. Please refer the attached screen shot named "VPN Configuration".
4. Edit IKE policy and change the exchange to Main mode. Please refer the attached screen shot named "IKE Policy_Main Mode".
5. Go to IPSec Users page and add user entry by selecting Remote Peer Type as "Standard IPsec (XAUTH)". Please refer the attached screen shot
named "IPSec Users".
6. Connect ipad/iphone built in Cisco VPN client to SA500.
7. Open browser in ipad/iphone and access the LAN sub net behind SA500.
We have tested with IOS - 4.2.1 in ipad and iphone and SA500 build 2.1.18.
If you are still facing LAN connectivity issues then we request you to provide dbglogs along with issue details. To get the dbglogs please log onto SA500 web UI and in the URL type https://IP_address_of_SA500/scgi-bin/dbglog.cgi
Please change or remove any password information as the dbglogs file will contain them. In case you are not comfortable posting the dbglogs on the community, you can send it to me through email or private message.
Hi - I had the same issue; thanks for the response and fix. I can now get connected; but, I can't seem to access anything on my internal (192.168.1.0/24) network. I keep getting timeouts - I don't have an internal DNS, so I'm using ip addresses, but still nothing works. Also, when I look at the SA520, I can't see any evidence in the status screens that the iPhone is actually connected and has an IP address (the VPN log indicates it is; but....).
Thanks in advance for any assistance!
To check if you are really connected from your iPhone / iPad and how you are connected to your VPN, you can find useful information from the iPhone / iPad itself :
Settings (Preferences) > General > Network > VPN > Status
(my iPhone menus are in french, so I can't be sure of the words used in english or in other languages). If you are note connected, neither the "Status" box is available nor the [VPN] indicator is displayed in the upper iPhone status bar.
From there, you can see the VPN server name, its IP public address (before NATing if your SA520 is behind a NATing equipment), and the IP address assigned to your iPhone. The latter one *must not* belong to your LAN (192.168.1.0/24) because the SA520 wont't be able to do its routing job.
You can change the address range assigned to VPN clients from the SA520:
VPN > Dynamic IP Range
then, you must reboot the SA520.
I can see it get connected, and get an IP address; but, several of the iPhone apps I have that try to access other servers on my local lan don't seem to work (timeouts). I'm wondering if there are some firewall settings or something else I need to do.
I'm going to try to find an ssh client now and see if I can make that work; to see if it's a problem with the application, or the Cisco.