The PIX will need to be running 8.x code or later. Below is a sample configuration that has worked for other iPad customers on an ASA.
crypto ipsec transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto isakmp policy 10
crypto isakmp nat-traversal
group-policy BasicPolicy internal
group-policy BasicPolicy attributes
username basic password uc/Xo0s4BJ1CCT.d encrypted
tunnel-group DefaultRAGroup ipsec-attributes
tunnel-group Basic type remote-access
tunnel-group Basic general-attributes
tunnel-group Basic ipsec-attributes
I have a question concerning VPN and iPad or iPhone.
I have a configuration which works with VPN client on a computer and also on iPad or iPhone.
But on these two last the lifetime parameter is not supported. The value is fixed to 1 hour. (even if in the router the value is 12 hours).
This seems to be a bug ... could you tell me if a solution exists?
Unfortunately this would be a question for Apple as they directly support the IPSec client on the iPhone and iPad devices. Their support information is included below.
•For Apple iPhone configuration information, please visit the Apple support area at:
•Configure your Cisco security appliance exactly as you would to support connections from the Cisco VPN Client (IPSec).
Apple directly supports the Cisco VPN Client on the iPhone, including the new 3.x functionality.
To receive support, please contact Apple at Consumer Technical Support:
800-APL-CARE (800-275-2273), 8:00 a.m. to 8:00 p.m. Central Standard Time
•Cisco ASA 5500 Security Appliances and PIX Firewalls. We highly recommend the latest 8.0.x software release (or greater), but you can also use 7.2.x software.
•Cisco routers running IOS Release 12.4(15)T and later.
The VPN 3000 Series Concentrators do not support the iPhone VPN capabilities.
did you've noticed this Cisco document: "
We do not support VPN access from the Apple iPad at this time."
Supported VPN Platforms, Cisco ASA 5500 Series (Revised: Aug 13, 2010, OL-19674-21)
I was actually the person who raised the bug to have the documentation updated. Officially, the iPad has never been tested but "should" work. Having not been officially test, we cannot claim support. Speaking from practical experience dealing customers day in and day out, I have seen customers successfully connect iPads to an ASA.