
Cisco RV260 to iPhone iOS 13 built-in IPsec VPN

Cang_Household
Level 1

Hello the Cisco Community,

I am new to Cisco products and commercial networking (I am using it for home, so overkill).

 

I bought a Cisco RV260 Small Business Router recently and tried to configure its Client-to-Site IPsec VPN to connect with an iPhone's built-in IPsec VPN.

 

Although the client (iPhone) and server (RV260) can find and talk to each other, I am constantly getting the error message "no IKE config found for [server IP]...[client IP], sending NO_PROPOSAL_CHOSEN" in the VPN logs. I searched online, and it seems that my encryption types and algorithms are mismatched between the VPN server and client. However, I cannot manually set or check the default encryption types and algorithms used by the iPhone's built-in IPsec VPN (this configuration page has a Cisco logo?). Does anyone have a solution to this problem?

 

Thank you for helping.

7 Replies

marce1000
VIP

 

 - Check if Step 11. from this document can help you :

          https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/Configuring_VPN_Setup_Wizard_on_the_RV160_and_RV260.html

 M.,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi marce1000, thank you for replying.

I perused every page of the Administration Manual and online case studies, but none of them covers the setup for the iOS built-in IPsec VPN.

Hello,

 

use the AnyConnect client from the AppStore:

 

https://apps.apple.com/us/app/cisco-anyconnect/id1135064690

Hi Pauwen, thank you for replying. Unfortunately, the RV260 and RV160 do not support Cisco AnyConnect. I did not buy an RV340 or RV345, which do support AnyConnect, because I do not have dual WAN that needs a router like that.

 

I hope Cisco will provide some tutorials on using the built-in IPsec VPN on iPhone, so that no apps need to be downloaded. I am trying to keep everything simple.

nagrajk1969
Spotlight

Hi

 

This is quite an old post, but just in case somebody is still looking for sample configs for IKEv2 C2S with MacOS/iOS clients....Hope it will be of some help

 

If you want to establish Client-to-Site IKEv2 tunnels to RV34X/RV260/RV160 routers from multiple MacOS_iOS_Ipad clients using PSK for IKEv2-Auth, then please find below the steps/procedures and info to configure the same on RV34X/RV260/RV160 (C2S config) and on the MacOS/iOS-Ipad clients using IKEv2-PSK-auth only (meaning there is NO username/passwd/useraccounts required for the clients)

 


----------------------------------------------------------------------------
1. RV260/RV34X C2S IKEv2 VPN Server for MacOS-iOS Clients using PSK-auth only
---------------------------------------------------------------------------

- Configure the C2S server on RV34X/RV260 as below:


Step-1: In the Ipsec-Profiles, configure the below ipsec-algo-profile used by Mac-iOS clients

 

Name: Ikve2MaciOSClientsProfile
Version: IKEv2
Phase-1: AES128-SHA1-GROUP2; Lifetime: 28800sec
Phase-2: ESP; AES256-SHA256; pfs=no; lifetime:3600sec

- apply and do a permanent save too

 

Step-2: In Basic Settings tab

 

- add and configure a C2S vpn server as below:

Enable: Yes/Checked
Tunnel Name: Ikev2_MaciOSClients_wPSKonly
Ipsec Profile: Ikve2MaciOSClientsProfile
Interface: WAN

IKE Authentication Method
Pre-shared Key: Test$123456789

 

Local Identifier:
- select FQDN
- enter this server fqdn/dns-name: rv34x.servergw.local

 

Remote Identifier:
- select FQDN
- enter * (star/asterisk) as the wildcard value here.

- Note: This wildcard (asterisk/star) is required to support multiple mac-ios clients connecting to this vpn-server using psk-auth

 

Extended Authentication: DISABLE/UNCHECKED

- Note: DO NOT ENABLE/SELECT EXTENDED AUTHENTICATION

 

Pool Range for client lan:

Start ip: 10.30.1.100
End ip: 10.30.1.150


Step-3: In the Advanced settings tab

 

Remote Endpoint : Dynamic IP

- It should be Dynamic IP only as multiple clients will be connecting to this server

 

Local Group Setup
Local IP Type: ANY


Mode Configuration

dns/wins/default-domain/etc: to be configured as per the user requirements


Step-4: Click on Apply and do a permanent save too

 

 

-----------------------------------------------

2. IKEv2 with PSK configuration on MacOS/iOS/Ipad clients

-----------------------------------------------

For IKEv2 tunnel with PSK only:

 

step-1: On the desktop of Mac-client..click on the wifi-icon...and Go to “Open Network Preferences”

 

step-2. Click on + to create a new service..


- select the VPN interface
- IKEv2 as VPN type, and
- give a name “ClientV2_wPSK”

 

Step-3: In page that is displayed, click first on “Authentication Settings”

- Select “None” only, and do not select certificate (or Use-Certificate)

- For PSK-based IKEv2-auth, Select the “Secret” and enter the Pre-Shared-Key e.g: Test$123456789

 

Step-4: Now, back to main config page

a) Enter the "Server Address" as dns-name of the RV34X/RV260 Router's wan-ipaddress - say for e.g "rv34x.servergw.local"
Note: This FQDN/dns-name should-be/MUST-be resolvable by the dns-server configured on the mac-client to the public-ipaddress of the wan-interface of RV34X/RV260

 

b) For "Remote-ID" enter the value "rv34x.servergw.local" (enter without the quotes)

c) For "Local-ID" keep the value empty, do not edit or enter any value here

 

Step-5: you are done (and save the config). If the C2S-server on RV34X/RV260 is ready, then you may click on connect on this mac-os/ipad/ios client

 

The above configs have been tested by me with 2 mac-clients on an RV345 router. It's a working config for RV260/160 too

 

I have checked by connecting from Mac-clients that are behind a NAT-router too...so NAT-T also works perfectly with the above configs on server and the clients. You can connect multiple macos clients concurrently to this vpn server using just PSK.
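
An added example, not part of the post above or of Cisco's documentation: the original question was that the iOS built-in client gives no way to see or set its proposals, and a configuration profile is the place where they can be pinned. The sketch below builds a `.mobileconfig` whose IKE and child SA parameters mirror the Step-1 router profile, and lists which of those parameters are legacy-strength. It assumes the key names of Apple's configuration-profile IKEv2 payload; the `example.rv260.*` identifiers are constructed, the PSK is passed in by the caller, and the child DH group is only a filler because PFS is off.

```python
import plistlib
import uuid

# Proposal from Step-1 of the post (RV260/RV34X IPsec profile).
# The child "dh" value is a filler: it is not negotiated while PFS is off.
SERVER_PROFILE = {
    "ike":   {"enc": "AES128", "integ": "SHA1",   "dh": 2, "lifetime_s": 28800},
    "child": {"enc": "AES256", "integ": "SHA256", "dh": 2, "lifetime_s": 3600},
}
# Router GUI names -> names used by Apple's IKEv2 profile payload.
ENC = {"AES128": "AES-128", "AES256": "AES-256"}
INTEG = {"SHA1": "SHA1-96", "SHA256": "SHA2-256"}


def sa_params(p):
    """Translate one phase of the router profile into Apple SA parameters."""
    return {"EncryptionAlgorithm": ENC[p["enc"]],
            "IntegrityAlgorithm": INTEG[p["integ"]],
            "DiffieHellmanGroup": p["dh"],
            "LifeTimeInMinutes": p["lifetime_s"] // 60}


def legacy_settings(profile):
    """List parameters of the IKE proposal that are legacy-strength."""
    ike, notes = profile["ike"], []
    if ike["dh"] < 14:
        notes.append(f"IKE DH group {ike['dh']} is below group 14 (2048-bit MODP)")
    if ike["integ"] == "SHA1":
        notes.append("IKE integrity uses SHA1")
    return notes


def build_mobileconfig(server_fqdn, psk, profile=SERVER_PROFILE):
    """Return .mobileconfig bytes whose proposals mirror the router profile."""
    ikev2 = {
        "RemoteAddress": server_fqdn,
        "RemoteIdentifier": server_fqdn,   # must equal the router's Local Identifier
        "LocalIdentifier": "",             # left empty, as in the post
        "AuthenticationMethod": "SharedSecret",
        "SharedSecret": psk,
        "ExtendedAuthEnabled": 0,          # post: extended authentication disabled
        "EnablePFS": 0,                    # post: pfs=no
        "IKESecurityAssociationParameters": sa_params(profile["ike"]),
        "ChildSecurityAssociationParameters": sa_params(profile["child"]),
    }
    def payload(suffix, ptype, **extra):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": f"example.rv260.{suffix}",  # constructed
                "PayloadUUID": str(uuid.uuid4()).upper(),
                "PayloadDisplayName": "RV260 IKEv2 PSK", **extra}
    vpn = payload("vpn", "com.apple.vpn.managed", VPNType="IKEv2",
                  UserDefinedName="ClientV2_wPSK", IKEv2=ikev2)
    return plistlib.dumps(payload("profile", "Configuration", PayloadContent=[vpn]))
```

Write the returned bytes to a file ending in `.mobileconfig` and install it on the device; if the router profile is later raised to stronger algorithms, change `SERVER_PROFILE` to match so both sides still offer the same proposal.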

 

 

 

 

 

 

 

 

 

I guess the post is not old. I just encountered more troubles with RV260 VPN with Apple clients.

My iPhone SE (2020) on iOS 14.7 can connect to the IKEv2 tunnel almost flawlessly, but my newly bought MacBook Pro is having trouble connecting to it. I am a long-time Windows and Linux user, but my father persuaded me to purchase a Mac (and now I am having lots of trouble with networking, network drive mapping, VPN, and others).

The MacBook Pro would connect to the IKEv2 tunnel at first, and then it always disconnects at the 8-minute mark. I checked the RV260's syslog and it seems the tunnel breaks at renegotiation. The MacBook seems to voluntarily disconnect the tunnel rather than the RV260 initiating the termination. I don't have lots of time to investigate the issue given that school is starting next week, and what I study has nothing to do with computers. If somebody finds a solution or is experiencing the same issue, please make a comment here.

When I talked to a Cisco Smart Net agent last year, the agent told me that his manager said the way StrongSwan (the IPsec keying daemon) is configured in the RV160/260 does not allow multiple clients to use the same tunnel. I had to create a separate tunnel for each device I would like to connect.

Besides the VPN issue, I am trying to piggyback on my MacBook Pro's 802.11ax wireless card. I have a Windows laptop next to the Mac, and I want both computers to get gigabit speed. I can pull an Ethernet wire from one side of my room to the other, but I could trip over the wire. I found the Mac's 802.11ax can pull 914Mbps (averaged speed during a random test), so I got two Ethernet dongles, one plugged into each computer, and connected them with a short cable. On the Mac, I am unable to bridge the Ethernet dongle with the wireless card because of the MAC association restriction on the AP, so I opted for the uglier solution of using NAT on the Mac. The official, out-of-the-box NAT on Mac is "Internet Sharing," but I could neither change the downstream DHCP distribution pool nor manually assign the virtual bridge interface a static IP through the Mac GUI. I need to resort to using the Terminal and to reading some barely available documentation.

Thanks for the clear instructions. I have a rv260w and the vpn tunnel you configured here works great with my iphone and ipad. Do not use macs. Thanks again.
