Cisco ASA 55xx IPSec with iPhone

(OP)
I've a project to enable VPN access with the latest iPhone 3G(S) to our internal networks.   The stock configuration does not work -- it appears also that there are certain items you can't modify (proposals, etc).

I found an older link which may be helpful, that has a config at the end:

http://discussions.apple.com/thread.jspa?messageID=7711457

Most of the configuration they show there is fairly standard.

I'm not (yet) an ASA expert...

First, I wonder if anyone else here has worked on solving this problem; and, if so, what you did to get this working.

We have basically one splitTunnelAcl group defined which has characteristics that apply to the general client IPSec VPN (address pool, etc).

What I don't really understand here with the config at the above URL (for example) is the need to create a separate group. If that's the case, will we need to include VPN account logins in that group, or will the others work, or can users be members of multiple groups?

I'd really appreciate some assistance getting this working -- it's been a big frustration.

Thank you in advance.
 

RE: Cisco ASA 55xx IPSec with iPhone

(OP)
Small note, we have:

crypto isakmp nat-traversal 10

vs 20.

And we don't use any WINS servers, being mostly a UNIX shop.


 

RE: Cisco ASA 55xx IPSec with iPhone

What does your config look like? I've got iPhone 3GSs working on multiple 5505s and a 5510.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

RE: Cisco ASA 55xx IPSec with iPhone

(OP)
Which part of the config do you need? I think posting an entire config here might be noisy. There are minor differences, such as the nat-traversal number (ours is 10).

I noticed you can't configure the IKE proposals under the iPhone, etc. The client has limited configurability (is that a word?).

I also understand that the iPhone requires MSCHAP.  We also don't have the ASA configured to route all the client traffic, just the traffic that applies to our internal networks (we don't want to be an ISP).  I read somewhere that the iPhone pretty much requires this (all traffic).
 

RE: Cisco ASA 55xx IPSec with iPhone

I had this issue as well, and what stopped me was that the ASA IOS version must be 8.0 or higher. Try that first.

RE: Cisco ASA 55xx IPSec with iPhone

I have seen configs that when posted look like they would bring Tek-Tips servers to their knees...lol

Don't worry about how long the config is---most of the time, we cannot think of all pertinent info we may need to help your situation...


tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
