New Member

android and pix 501

Has anyone successfully configured a Pix 501 to communicate with an LG Phoenix (I'm assuming Android OS) via an L2TP/IPsec VPN?

5 REPLIES
New Member

android and pix 501

Yes, I have a Samsung Infuse (Android Froyo) connected to ASA5510 and ASA5505. Because of the way our L2TP RA are set up I had to edit init.rc located in the root of the filesystem, and then added routes to the remote network.

For the Android settings I simply set the VPN name, ASA Address, and then PSK and connected (prompted for log in of course).

I should add that if you need to add static routes to your device, you will need to root it. I had to root my device, then copy init.rc to SD card and edit it, then copied it back overwriting the old. Once that was done I could access the remote side.

If you're not familiar with how to root your device, I would suggest taking a look at the tutorials and FAQs over at the XDA forum - http://forum.xda-developers.com/forumdisplay.php?f=836. Looks like the LG Phoenix is under the LG Optimus/P500 section.

New Member

android and pix 501

Actually I was looking for a sample config for a Pix 501.  I've found some for the ASA and tried modifying them for the 501 with little success (changing IKE and IPSEC parameters).  It's funny, but Sonicwall has a tech article specifically dealing with the Android OS with all of the steps necessary to make a connection.

New Member

android and pix 501

Seems like such a simple question but I guess no one has ever tried this.  I'm now wondering if it's even possible?

New Member

android and pix 501

Nobody....Anybody?  Okay, I now declare that a Pix 501 and Android cannot connect!

New Member

android and pix 501

Our current working config relevant to L2TP:

access-list NO_NAT extended permit ip 10.10.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list REMOTE_RA extended permit ip any 192.168.100.0 255.255.255.0
nat (Inside) 0 access-list NO_NAT
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_AES128_SHA TRANS_ESP_AES192_SHA ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 10.10.1.20 10.10.1.23
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-network-list value REMOTE_RA
 default-domain value ******.com
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 15 retry 2
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
 isakmp keepalive threshold 15 retry 2
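
An added example, not part of the original post and not Cisco tooling: a small Python check that reads the `crypto isakmp policy` blocks from a config like the one posted above and lists the proposals that still offer single DES, MD5 or DH group 1. `SAMPLE_CONFIG` is a constructed excerpt, the `WEAK` baseline is an assumption, and transform sets are flagged by name only because their definitions are not in the post.

```python
import re

# Constructed excerpt of the IKE/IPsec lines from the config posted above.
SAMPLE_CONFIG = """\
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5 ESP-DES-SHA ESP-DES-MD5
crypto isakmp policy 10
 encryption aes
 hash sha
 group 1
crypto isakmp policy 50
 encryption 3des
 hash md5
 group 2
"""

# Assumed baseline of weak settings: single DES, MD5, DH group 1 (768-bit).
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}

def parse_isakmp_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for raw in config.splitlines():
        parts = raw.split()
        if not parts:
            continue  # the forum paste has a blank line between commands
        m = re.fullmatch(r"crypto isakmp policy (\d+)", " ".join(parts))
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and len(parts) == 2 and parts[0] in POLICY_KEYS:
            current[parts[0]] = parts[1]
        else:
            current = None  # any other command ends the policy block
    return policies

def audit(config):
    findings = []
    for prio, attrs in sorted(parse_isakmp_policies(config).items()):
        for key, bad in WEAK.items():
            if attrs.get(key) in bad:
                findings.append(f"isakmp policy {prio}: {key} {attrs[key]}")
    # Transform sets are judged by name only (assumption: names mirror contents).
    for m in re.finditer(r"set transform-set (.+)", config):
        for name in m.group(1).split():
            if {"DES", "MD5"} & set(re.split(r"[-_]", name.upper())):
                findings.append(f"transform-set {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The parser skips blank lines and ignores indentation, so it accepts the config either as pasted in the thread or as exported from the device.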
