No announcement yet.

iPhone IPSec Mobile Client

  • Filter
  • Time
  • Show
Clear All
new posts

  • iPhone IPSec Mobile Client


    We have been using IPsec and the Shrewsoft mobile clients for sometime now with no problems at all, however I am now investigating using iPhones / iPads to access our network. I have managed to connect and download the VPN configuration using my iPhone, but when I turn the VPN On, I get a message saying 'The VPN server did not respond'. I have looked at the IPSec Client Configuration in the settings on the iPhone and can see the IP Address appears to be OK, I can also see the Signing Certificate details.

    Is there something else I need to do extra to our normal IPSec VPN settings on our firewall? I am using the same User account that I use for my Shrewsoft client.

    PS We are running OS 6.0.4

    I hope someone can help

    Last edited by churchs; 2012-09-14, 04:21.

  • #2
    More than likely your encryption settings are too high for the Mobile OS used in those devices.
    Try the following:
    1) Create a custom Encryption Object using AES-128, Sha1, No Key Group (none)
    2) Create a custom IPSec Object with:
    --Phase 1
    Aggressive mode
    3DES, SHA1, GRP2
    480 minutes lifetime
    30 Sec DPD
    --Phase 2
    AES-128, Sha1, No Key Group (none)
    480 minutes lifetime

    After creating the above, use this object in the IPSec section. This will work for both IPSec and L2TP.

    I remember the default Object didnt work for me in the beginning. The above is what I found in my firewall and it works fine. Hope this works for you.


    • #3
      Hi Rick,
      Many thanks for your reply. When you say "use this object in the IPSec section" are you refering to the Configure,VPN, Remote Access, IPSec section? If so, I have created the Objects you suggested above and then altered the IPSec section to pickup the new IPsec object. Unfortunately, I got the same response on my iPhone. I wasn't sure either whether this change would affect my other VPN users so I have reset to the original settings.
      If you have any more ideas, I would like to keep trying.




      • #4
        Hi Steve,

        I apologize. Yes changing the IPSec Object in remote access IPsec will require that all the VPN users download a new VPN configuration for their clients.

        I knew I had found those settings somewhere before adding them to my firewall so I did some digging. GTA has a remote access guide at
        Starting on page 12 they have the settings I posted.

        Once you are able to schedule a maintenance window, I would try the new IPSec object again. Before testing with the iPhone, download it to a PC using the iPhone credentials and verify that it works. If it doesnt work on a PC there is no way it will work on the iPhone.

        Keep in mind that page 12 is referencing L2TP settings but it is the same for IPsec since L2TP uses IPSec to make the initial connection to the firewall.