Android VPN client

jpggoals77 · ‎01-31-2013

Hi,

I must buy a new VPN router for a customer which requires VPN access from their Android phones.

I'm currently looking at RV180 as it seems cheap and the Datasheet states it would allow 10 concurrent VPN connections. However it talks about QuickVPN and I've had some troubles in the past trying to setup a generic IPSec client on routers with QuickVPN. ¿Anyone got this router to work with Android devices? (Generic IPSec settings, VPNcilla, etc. Please specify the client on the reply)

My other option is an 861 Integrated Services Router. The problem here is it is more expensive and the datasheet only states 5 concurrent VPN tunnels... and still in doubt if it will work with Android devices.

Any suggestions or experiences with these scenario in mind would be really usefull.

Thank you in advance.

Liam Kenneally · ‎01-31-2013

I would use an 800 series router, I specilise in the mainline Cisco products so can not comment on the CiscoLinksys(SMB Range) kit.

then you can use the ANDROID anyconnect client.

Additionally you could use a 3rd party VPN client on the ANDRIOD device I use 'VPNCilla' which works extreamly well with the traditional IPSEC RA VPNs.(Free but unsupported)

If you wanted to go SSL VPNs here is a build.(Cisco Supported method)

Line Number	Item Name	Description	Service Duration	Lead Time	Included Item	Quantity	ListPrice	Extended ListPrice	Discount %	Selling Price
1.0	CISCO881-K9	Cisco 881 Ethernet Sec Router	N/A	14 days	No	1	649.00	649.00	0	649.00
1.0.1	CON-SNT-C881	SMARTNET 8X5XNBD Cisco 881 Ethernet Sec Router	12 month(s)	N/A	No	1	50.60	50.60	0	50.60
1.1	CAB-ACU	AC Power Cord (UK) C13 BS 1363 2.5m	N/A	14 days	No	1	0.00	0.00	0	0.00
1.2	CAB-ETH-S-RJ45	Yellow Cable for Ethernet Straight-through RJ-45 6 feet	N/A	14 days	Yes	1	0.00	0.00	0	0.00
1.3	PWR-60W-AC	Power Supply 60 Watt AC	N/A	14 days	Yes	1	0.00	0.00	0	0.00
1.4	PS-SWITCH-AC-3P	3 Prong C13/C14 On-Off AC Power Supply Switch	N/A	14 days	Yes	1	0.00	0.00	0	0.00
1.5	SL-880-ADVSEC	Cisco 880 Advanced Security Software License	N/A	0 days	Yes	1	0.00	0.00	0	0.00
1.6	S880DUDK9-15204M	Cisco 880 Series IOS UNIVERSAL DATA	N/A	0 days	No	1	0.00	0.00	0	0.00
1.7	SL-880-AIS	Cisco 880 Advanced IP Services License	N/A	14 days	No	1	150.00	150.00	0	150.00
1.8	FL-SSLVPN10-K9	Cisco SSLVPN Feature license - 10 users	N/A	0 days	No	1	300.00	300.00	0	300.00
1.9	ISR-CCP-EXP	Cisco Config Pro Express on Router Flash	N/A	0 days	Yes	1	0.00	0.00	0	0.00

PLEASE NOTE:- I take no responsibility for incorrect builds etc. All advice I offer is free and should be reaserched thouroughly.

Kind Regards,

Liam

juanpedro.gonzalez.gutierrez · ‎03-04-2013

Hi Liam,

Thankyou for your reply. Finally went with the CISCO 861... Through CCP I'm only allowd to create a EasyVPN server, which includes groups, something that seems to be missing on Android phones.

CCP also includes the capability to create SSL VPNs but I get stuck when I get to the stage where I should isntall de software package. A SSL package appears but not mentioning VPN (and not matching the packages I've seen on some tutorials). I've even seen on some pages which state 861 may not be allowed to create SSL VPNs. Do you know something about this?

I was also wondering if CISCO 861 is allowed to create L2TP/IPSEC just in case none of the others work. It seems it can not be done through CCP but wonder if it can be done through CLI, and if it will still allow the 5 VPN tunnels the specefication talks about.

Thankyou

Liam Kenneally · ‎03-13-2013

Hi Juan,

Sorry about the late reply!

The 861 does not support SSL VPNs, which was why I recomended the 881series router. All is not lost there are third party apps that will allow your Android device to work with a traditional IPSEC RA VPN. I use on my Samsung Table 'VPNCilla' which cost me around £3.00 I believe and it works perfectly(It even works well over 3G if the reception is good.). However 'VPNCilla' is not YET supported on my Samsung Galexy S2 but they are working for support on mobiles. Again their are 3rd party apps that will allows IPSEC RA VPNs in the same way as VPNCilla.

However yes the 861 will allow both Remote Access(RA) & Site to Site(S2S) IPSEC VPNs. I believe the 5 tunnels is a recommended value, I am not sure whether this value is enforced at 5 or not.

In regards to configuring S2S or RA VPNs there are some very good tutorials on the web which walk you through both Sceinarios.

Let me know how you get on.

Kind Regards,

Liam

juanpedro.gonzalez.gutierrez · ‎03-15-2013

Hi Liam,

Thanks for your reply.

I've configured a EasyVPN server as a RA VPN which works great with iPhone devices, but I'm unable to find any solution which works on Android devices. I had read about VPNCilla but bumped into another problem as it will only work on Android 4.x.x and some of the devices I've got won't update their firmware leaving them with Android 2.3.x.

It seems my best bet would be setting up an L2TP/IPSec VPN End Point for RA as it seems to be supported by Android.... However CCP won't have a wizard for setting this type of VPN end point and not sure if Cisco 861 will allow 5 tunnels through this type of VPN if it is allowed. I've been searching what commands should I issue through the CLI but most of the documents I've found are focused as a L2TP/IPSec client to connect to another router and not RA. Do you know if this can be done? ...and if so, any document describing this steps?

Thankyou in advance.