I'm not going to give you the

mohammedrashid459 · ‎06-21-2016

Dear Experts,

I have got some doubts, can anyone of you please help me out.

My organization wants me setup a VPN server for the android and IOS users.

They want their users to connect to the VPN server using the in build VPN support in the android and IOS.

The different VPN options available in android are

PPTP,

L2TP / IPSEC with PSK.

L2TP / IPSEC with RSA

IPSEC Xauth PSK

IPSEC Xauth RSA

IPSEC hybrid RSA

Is there a way I can configure this options on a router or a firewall.

Anyhow I managed to configure PPTP vpn on ubuntu server.

I'm not sure about the other VPNs.

Any help or advice would be really appreciable.

Thanks

Mohammed Rashid

Philip D'Ath · ‎06-21-2016

Go with a recent Cisco ASA, and use the Cisco AnyConnect SSL VPN solution.

Much easier to manage clients.

mohammedrashid459 · ‎06-23-2016

Hi Philip,

Will the new ASA supports the connection that's established from the android device that has in build VPN options like below

PPTP,

L2TP / IPSEC with PSK.

L2TP / IPSEC with RSA

IPSEC Xauth PSK

IPSEC Xauth RSA

IPSEC hybrid RSA

Thanks

Mohammed Rashid

Philip D'Ath · ‎06-23-2016

It can - but I don't recommend it. It uses up a lot of time setting up the Android's to do this, especially if it is not IT people configuring them.

AnyConnect works brilliantly, and is quick and easy to setup. The saving in time will more than pay for the trivial cost of the AnyConnect licences.

ewilliamson4922 · ‎06-23-2016

IPSEC Xauth PSK

is a super easy setup.

mohammedrashid459 · ‎06-24-2016

Hey Williamson,

Can you please let me know, is that something you are talking about setting it up on firewall or router or.

Also can you please suggest me some links or any resources that can help me in configuring these VPNs.

Thanks

Mohammed Rashid

ewilliamson4922 · ‎06-24-2016

I'm not going to give you the full config because the code version could cause problems.

ip local pool IPPOOL 192.168.237.1-192.168.237.254 mask 255.255.255.0

Next Define your Nat exception and ACL, this differs from 8.2 to 8.3+ so I won't give you the commands, I don't want you to get taken down.

Set the dynamic-map

crypto dynamic-map DYNMAP 65535 set ikev1 transform-set AES256-SHA AES256-MD5 AES-MD5 3DES-SHA 3DES-MD5

Create tunnel-group and group-policy with settings you need

tunnel-group x.x.x.x type ipsec-ra
tunnel-group x.x.x.x. general-attributes
default-group-policy xxxxxxx
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key xxxxxxxxx

Set username and password

username xxxxxx password xxxx

mohammedrashid459 · ‎06-24-2016

Hey william,

Thanks for you response

Can we configure Ubuntu server as a VPN server for those in build VPN available in android.

Is it possible to configure Cisco ASA in such a way that it should accept all the VPN connections generated from the android device regardless of in build VPN types available in android or do I have to use the cisco any connect or mobility client application for this

Can you please clear this thing for me.

Thanks

ewilliamson4922 · ‎06-24-2016

Personally, I would just build anyconnect, but the built in client would work.

setting up VPN