Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Cisco Router vs. iPhone 4S VPN

Hello,

I'm trying to set up a VPN connection between an iPhone 4S an a Cisco Router, but it doesn't work, but why????

The configuration I've used is this on:

...

aaa authentication login VPN_AUTH local-case

...

username myusername secret 5 asdasd......

...

crypto logging session

!

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

crypto isakmp keepalive 10

crypto isakmp nat keepalive 20

crypto isakmp xauth timeout 90

!

crypto isakmp client configuration group CRYPTO_REMOTE_CLIENT

key mYkEy

dns 10.10.1.2

domain intra.local

pool REMOTE_POOL

acl 102

save-password

max-users 10

max-logins 10

crypto isakmp profile CRYPTO_ISAKMP_PROFILE

   match identity group VPN_CLIENT

   client authentication list VPN_AUTH

   isakmp authorization list VPN_AUTH

   client configuration address initiate

   client configuration address respond

!

!

crypto ipsec security-association idle-time 3600

!

crypto ipsec transform-set VPN_SET esp-aes 256 esp-sha-hmac

!

crypto dynamic-map CRYPTO_DYNAMIC_MAP 10

set transform-set VPN_SET

!

!

crypto map CRYPTO_MAP local-address Dialer0

crypto map CRYPTO_MAP client authentication list userauthen

crypto map CRYPTO_MAP isakmp authorization list groupauthor

crypto map CRYPTO_MAP client configuration address respond

crypto map CRYPTO_MAP 65535 ipsec-isakmp dynamic CRYPTO_DYNAMIC_MAP

...

interface dialer 0

description "-> WAN"

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname .asdasdasd...as.d

ppp chap password 7 asdasdasd...as.d

crypto map CRYPTO_MAP

...

ip local pool REMOTE_POOL 192.168.1.0 192.168.1.20

...

access-list 102 remark --- VPN ---

access-list 102 permit ip 10.0.0.0 0.0.0.3 192.168.1.0 0.0.0.255

1 REPLY
Bronze

Re: Cisco Router vs. iPhone 4S VPN

Solved by my self

aaa authentication login CRYPTO_ISAKMP_CLIENT local

aaa authorization network CRYPTO_ISAKMP_CLIENT local

!

! <-- Username and password

username secret                                   

!

crypto logging session

!

crypto isakmp policy 1

  encr aes 256

  authentication pre-share

  group 2

  lifetime 3600

  crypto isakmp keepalive 10

  crypto isakmp nat keepalive 20

  crypto isakmp xauth timeout 90

!

!   <-- Groupname that must be used on the iPhone

crypto isakmp client configuration group CRYPTO_ISAKMP_CLIENT

!   <-- SharedSecret that must be used on the iPhone

  key                                          

  dns

  domain

  pool VPN-POOL

  save-password

!

crypto ipsec security-association lifetime seconds 86400

crypto ipsec security-association idle-time 3600

!

crypto ipsec transform-set VPN-TRANSFORMSET esp-aes 256 esp-sha-hmac

!

!

crypto dynamic-map CRYPTO_ISAKMP_CLIENT 1

  set transform-set VPN-TRANSFORMSET

  reverse-route

!

crypto map STATIC_CRYPTO_MAP local-address Dialer0

crypto map STATIC_CRYPTO_MAP client authentication list CRYPTO_ISAKMP_CLIENT

crypto map STATIC_CRYPTO_MAP isakmp authorization list CRYPTO_ISAKMP_CLIENT

crypto map STATIC_CRYPTO_MAP client configuration address respond

crypto map STATIC_CRYPTO_MAP 1 ipsec-isakmp dynamic CRYPTO_ISAKMP_CLIENT

!

interface Dialer0

  crypto map STATIC_CRYPTO_MAP

!

ip local pool VPN-POOL 10.0.0.250 10.0.0.254

1431
Views
5
Helpful
1
Replies
CreatePlease to create content