I am trying to connect to our environment through Cisco Remote Access IPSec VPN from iPhone 4. Below are the versions:
iPhone OS : 4.2.1
Cisco VPN: ASA5520, version 8.0(5)
I am able to connect successfully however I cannot connect to any server after VPN is established.
At the same time, I am able to connect over VPN via any internet PC. The difference I have observed till now is that when an Internet PC connects, the protocol encryption on ASDM shows 'IKE IPsecOverNatT 3DES' for the active session. On the other hand, when I connect through iPhone the protocol encryption is 'IKE IPsec 3DES'.
Is it possible to force iPhone to connect on IPsecOverNatT? Please suggest.
How did you make the test to the server?
As far as I know, IP* has a problem with DNS, so for example to connect via RDP, you have to use the IP address of the machine.
And about IPsecOverNatT or IPsec without NAT, it depends on where you are located - if behind NAT, it will be IPsecOverNat. If you are "directly on internet", it will be without NAT.
May I ask, why do you want IPsecOverNatT?
Thanks for replying.
I successfully connected to the office VPN (ASA5520) through the iPhone and was assigned the correct private IP from VPN pool.
Then I started the WYSE PocketCloud Pro application (pretty good for RDP) and created a manual connection against the private IP. I am not able to connect via the manual connection. The reason I am focusing on IPSecOverNATt is coz that is the only obvious difference in the connection I can notice. Hence, I would like the iPhone connection (current IKE over IPSec) to be IPSecOverNATt to rule out any issues due to different settings.
Secondly, the same PocketCloud application is able to connect through the non-manual auto-discovery mode but that is dependent on external factors such as installing a component on the remote machine and simultaneous logins into gmail account from client as well as server (strange).
Does iPhone support NAT-T? Is there any detailed guideline from Cisco or iPhone on how to make this work or any specific config for iPhone support? I believe it is almost there as VPN is connected and IP is assigned. Only the connectivity to the end destination has to be established.
Thanks for assistance.
I successfully connect to the VPN from iPhone (i.e. Phase 1 and Phase 2).
However, I do not see any newly generated connections in the ASA log after the tunnel is established, whereas in case of VPN connection from a PC all RDP and other connections are shown in the logs.
Looks like iPhone is not sending out connections after the VPN is established.
How can I debug this problem? Any clue/hint is appreciated.
Can you tell me which VPN gateway you are using?
To the outside interface of your VPN gateway whether the following ports are opened.
Similarly, tell me whether you have IPSec VPN and AnyConnect VPN configured on the same VPN gateway?
VPN gateway is ASA5520, version 8.0(5)
All the VPN ports are open because the same VPN configurations work for outside PC clients. iPhone is also assigned private IP from the same pool and the tunnel does get established.
Only IPSec VPN is configured on the ASA.
Please find below the requested information:
group-policy vpnpolicy internal
group-policy vpnpolicy attributes
dns-server value x.x.x.x
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
split-tunnel-network-list value vpnpolicy_splitTunnelAcl
access-list vpnpolicy_splitTunnelAcl standard permit any
Thanks for the help. Hope to get the iPhone working over VPN.
I have almost the same configuration as you have - and it works.
There is only one difference - split-tunnel.
Can you try having your iPhone traffic fully tunneled?
I am having the same issues as discussed here. Can you please clarify where you configured all traffic to be tunneled for the iPhone, as on my ASA the policy is set to Tunnel all networks and when connecting with a PC client it works? From the iPhone it establishes the VPN, but the iPhone cannot communicate with any internal host (as if all traffic is not being tunneled).