Cisco VPN connections from an iPhone

While there currently isn't any BES-like point of entry for an iPhone to gain access to a corporate network, it's trivial to establish a Cisco IPsec VPN connection.

Getting Started

You'll need the following information:

  • VPN Server
  • User account name
  • User password
  • Group name
  • Group password

You should know your user account name and password, and you can obtain the VPN Server, Group name and Group password from your .pcf file. A PCF file typically contains an encrypted password which you can decrypt using my Cisco VPN Password Decryption page. You can also ask your VPN administrator for the plain text password.

Sample PCF File

The VPN server can be found after Host= in the PCF file. The Group Name is after GroupName=, and the Group Password is after enc_GroupPwd= or GroupPwd=. Asterisks added below for emphasis.

[main]
Description=Connect to Company VPN
****Host=your-vpn-server.coreygilmore.com
AuthType=1
****GroupName=accounting
GroupPwd=
****enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=CorpDomain
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=1
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90

Adding the Connection

From the Home screen on the iPhone open the Settings application. Navigate through General > Network > VPN. Tap Add VPN Configuration and choose IPSec.

Using the information provided to you by your VPN administrator or gleaned from the PCF file, fill out the fields. If you use a SecurID for authentication leave the Password field empty and you will be prompted for it each time you connect.

About the Fields

Description – This can be anything you want.
Server – The VPN server IP or domain name. Host from your PCF file.
Account – Your VPN (or SecurID) username.
Password – Your VPN password. Leave blank to be prompted (or if you use a SecurID or other token).
Group Name – Your VPN group name. GroupName in the PCF file.
Secret – The Group Password. GroupPwd or enc_GroupPwd from the PCF file. If the password is encrypted (the PCF only contains enc_GroupPwd) you will need to decrypt it using my Cisco VPN Password Decryption page.
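The mapping from PCF keys to the iPhone fields described above, as an added example that is not part of the original post. The function name pcf_to_iphone_fields and the sample profile values are assumptions made for illustration; it reports what still has to be supplied by hand and does not decrypt enc_GroupPwd.

```python
import configparser

# Constructed sample in the PCF layout shown above; the host name and
# hex string are placeholders, not real values.
SAMPLE_PCF = """\
[main]
Description=Connect to Company VPN
Host=vpn.example.com
GroupName=accounting
GroupPwd=
enc_GroupPwd=0123456789ABCDEF
Username=
UserPassword=
enc_UserPassword=
"""

def pcf_to_iphone_fields(pcf_text):
    """Return (fields, notes) for the iPhone IPSec form from PCF text."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(pcf_text)  # option names are lower-cased on read
    section = next((s for s in parser.sections() if s.lower() == "main"), None)
    if section is None:
        raise ValueError("no [main] section; not a PCF profile")

    def get(key):
        return parser[section].get(key, "").strip()

    fields = {
        "Description": get("description"),
        "Server": get("host"),
        "Account": get("username"),
        "Group Name": get("groupname"),
        "Secret": get("grouppwd") or None,  # plain-text group password only
    }
    notes = []
    for name in ("Server", "Group Name"):
        if not fields[name]:
            notes.append(f"{name} is missing from the profile")
    if not fields["Account"]:
        notes.append("Username is empty; type your account name by hand")
    if fields["Secret"] is None:
        if get("enc_grouppwd"):
            notes.append("only enc_GroupPwd is present; decrypt it or ask "
                         "the VPN administrator for the group password")
        else:
            notes.append("no group password in the profile")
    if get("userpassword") or get("enc_userpassword"):
        notes.append("profile stores a user password; treat the file as a secret")
    return fields, notes
```

Because the parser lower-cases option names, Enc_GroupPwd and enc_GroupPwd are treated as the same key.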

Below is a sample VPN connection configuration:

Connecting

Once the fields are populated and the connection is saved you can connect to your VPN server by opening Settings > VPN and sliding the toggle into the On position.

Updated Jan 30, 2009: Added a more detailed description of the account fields for clarity.

 


5 Responses to “Cisco VPN connections from an iPhone”

  1. Tim de Jong Says:

    I was searching around on how to set up a VPN server for the iPhone myself and ended up here. I don't have Cisco soft/hardware so I had to do it with PPTP and wrote a guide about how to set it up under Linux and connect an iPhone to it; it might be interesting for non-Cisco users.

    http://www.sharedknowhow.com/2008/09/linux-vpn-server-installation-for-use-with-iphone/

  2. great link Says:

    thanks corey..this really was a useful link..looking forward to a sip client on iphone that can work with ip pbx like ccm

  3. "PBX Burton" Says:

    "Nice article. I thought to let you know that ur site looks a bit messed up in the iCab 3 web browser."

  4. belstsrv Says:

    We have a Cisco ASA and use the VPN client for Windows and it works well. In our PCF file, there is no username or password entry. It looks like we are only using the group name and group password.

    But, the iPhone client seems to require a user name and password.

    In your config file above, it looks like your user and password from the PCF are also empty.

    How do I set up my iPhone without the user and pass (only group and group pass)?

    Thanks!

  5. ryan yan Says:

    you are awesome!!! this post really helped.



© 2007-2010, Corey Gilmore

 

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.