How to configure Cisco ASA 5500 to work with the iPhone

We have a Cisco ASA 5510 (latest firmware version), and apparently, according to the Cisco website, it is compatible with the new iPhone 3G's IPSec client:
http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
We've set up our first iPhone properly. It connects fine to the network and shows the VPN connection as active. It gets a private IP address, but does not let any traffic go to the internal network. We thought it might be a DNS problem, but it cannot connect to the Exchange server even when using an IP address instead of DNS. No luck either.
After checking the ASA logs, we found that the iPhone goes through Phase 1 authentication correctly, but then gives some kind of error, mentioning "Attribute 5".
Has anybody been successful configuring the ASA 5500 series (in particular the 5510) to be used with the iPhone?
I noticed that many people are having these problems.
Please do not post to this topic if you have ANY OTHER Cisco device.
Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
It would be extremely helpful for a large number of users if somebody posted a list of settings for an ASA 5500 or PIX firewall that DO work with iPhone 2.0.
Thank you!
Oleg R

We found the solution and a bug in Cisco firmware (seems to be a bug).
First of all, thanks to our Chief Systems Architect Seb, here is a config that worked for us on a Cisco 5520 (latest firmware):

access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
crypto map outside_map 10 match address vpn
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy iphone internal
group-policy iphone attributes
 wins-server value <insert ip> <insert ip>
 dns-server value <insert ip> <insert ip>
 vpn-tunnel-protocol IPSec
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value iphone_splitTunnelAcl
 default-domain value <insert domain name>
tunnel-group iphone type remote-access
tunnel-group iphone general-attributes
 address-pool VPN-Pool
 authentication-server-group ActiveDirectory2
 default-group-policy iphone
tunnel-group iphone ipsec-attributes
 pre-shared-key <insert pre-shared key>

For the iPhone you have to use the IPSec tab for configuration.
We tried to set up this config using the wizards, but it would not work.
Later it turned out that the wizards by default set this setting:
"crypto isakmp nat-traversal 20"
equal to zero, and there is no way to change it from the GUI.
Only after we changed it (increased the value from 0 to 20) through the command line did the connection start working perfectly.
Please let me know how it works out for you.
Message was edited by: Rogik
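
Added example, not part of the original post and not Cisco tooling: a small Python check that reads a saved running-config and reports the setting this thread turned out to hinge on (`crypto isakmp nat-traversal`), and goes one step further by listing the DES/MD5 transform-sets that the dynamic crypto map offers to remote clients. The sample config is constructed from the lines posted above, and the function names, the `WEAK` table and the rule that a missing NAT-T line means "off" are assumptions of this example.

```python
import re

# Constructed sample: a trimmed copy of the config posted above with the NAT-T
# line left out, mimicking what the poster says the wizard produced.
SAMPLE_WIZARD_CONFIG = """\
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-256-SHA ESP-DES-MD5 iphone
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
crypto isakmp enable outside
"""

# ESP algorithms treated as weak by this example (hypothetical policy table).
WEAK = {"esp-des": "DES encryption", "esp-md5-hmac": "MD5 integrity"}


def nat_traversal_keepalive(config):
    """Return the NAT-T keepalive in seconds, or None when the line is absent.
    Assumption: an absent or 'no ...' line means NAT-T is off on this unit."""
    m = re.search(r"^crypto isakmp nat-traversal\s+(\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None


def weak_dynamic_proposals(config):
    """Map transform-sets offered by dynamic crypto maps to their weak algorithms."""
    sets = {name: algs.split() for name, algs in
            re.findall(r"^crypto ipsec transform-set (\S+) (esp-.+)$", config, re.M)}
    offered = []
    for names in re.findall(r"^crypto dynamic-map \S+ \d+ set transform-set (.+)$",
                            config, re.M):
        offered += names.split()
    result = {}
    for name in offered:
        weak = [WEAK[a] for a in sets.get(name, []) if a in WEAK]
        if weak:
            result[name] = weak
    return result


def audit(config):
    """Return human-readable findings for a remote-access IPSec configuration."""
    findings = []
    if not nat_traversal_keepalive(config):  # None (absent) or 0 both count as off
        findings.append("NAT-T not enabled; the fix in this thread was "
                        "'crypto isakmp nat-traversal 20'")
    for name, weak in weak_dynamic_proposals(config).items():
        findings.append(f"transform-set {name} offered to clients uses {', '.join(weak)}")
    return findings
```

Feed `audit()` the text of `show running-config` saved to a file; an empty list means neither condition was found.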