PDA

View Full Version : Problems with VPN-1 Edge connecting to Apple iPhone



roveer
2008-12-16, 13:23
I have a need to establish a VPN connection from an Apple iphone

The iphone has a L2TP client so I enabled "allow L2TP" on the VPN-1 EDGE and established a preshared secret.

I configure the iphone for access put in the preshared secret, put in the same username I use for for my securemote access and try to connect.

The iphone times out saying "the connection has failed, please verify your settings and try again.

The VPN-1 logs say the following:

14074 16Dec2008 12:55:28 Closed VPN Tunnel with xx.xxx.xxx.xxx
14073 16Dec2008 12:55:28 Successfully authenticated user connecting from ip xx.xxx.xxx.xxx
14072 16Dec2008 12:55:28 IKE Phase1: Completed successfully with VPN peer xx.xxx.xxx.xxx [Security: 3DES/SHA1 Expire Time: 59 minute(s), 58 second(s) NAT-T: turned on]
14071 16Dec2008 12:55:26 IKE Phase1: The VPN Peer xx.xxx.xxx.xxx is behind a NAT device: NAT-T mode enabled

It would appear I'm close, but what else can be done to make this work?

Thanks,

Roveer

danjun
2008-12-16, 14:57
I would love to try this out and get it to work. Too bad I don't have an iPhone. I think I could manage something out since I can ask the programmers to make adjustments to the firmware for a test.

roveer
2008-12-16, 17:08
Not sure I understand your post. My VPN-1 Edge is running 7.0.52 fw but you make reference to R65 HFA02 w/a workaround or R65 HFA 30. How would one apply these to a VPN-1 Edge? Very sorry for my ignorance. VPN-1 Edge box is a hardware appliance.

Also, I just tried this on my other VPN-1 Edge which is running 7.5.48 and it gave the same result.

Hoping someone can shed some light on this.

roveer
2008-12-16, 18:38
Your being too nice. I think Dantro wanted me to buy him an iphone so he could get developers to update the firmware :0 Doh!!!

danjun
2008-12-16, 20:14
I just would like to provide a solution in my UTM-1 Edges FAQ (http://www.cpug.org/forums/check-point-vpn-1-edge-appliances/6341-utm-1-edges-faq.html) for this kind of request. I can't since I have no access to an iPhone. If I could get it to work with a testing firmware I'm sure one of the next firmware releases could include the feature as Check Point might also be interested in it.

roveer
2008-12-16, 21:01
I was just funn'n ya bro. I appreciate your help. What gets me is that why would L2TP have flavors, some work, some don't, some don't work with others. I thought that was what standards were about.

It's frustrating. If this were to work, It would potentially bring great functionality, but no. It's got to be a standards thing.

I can watch live cable TV from my iphone using ORB and even change channels. Incredible, but a VPN, that's too challenging. Kind of peeve's me.

Again, just hav'n a litttle fun at your expense. Wish I had an extra iphone to send you.

While your at it, have you documented the VPN-1 Edge bug with Verizon FIOS? Since FIOS has a DHCP lease time of 2 hours, for some reason it causes the router to drop all connections for a second every (2 hours), thus crushing all music or video streams that might be playing. Had to drop back to FW 5.0.23 to make it work. Really bummed cause I've seen the 8.x firmwares and just loved the dashboard. Bummer.

Roveer

Thorpuse
2008-12-17, 08:28
I can get access to an iPhone and Edge devices - I'll try this out over the weekend and report back.