
iPhone over VPN

absinthed_
New Contributor

iPhone over VPN

Hi

I have an SA4000 running authentication for our wireless network. The issue is that when iPhones connect, we can't launch Network Connect to grant access to restricted services. This is because of the JRE component and Java not being fully supported on the iPhone. However, I do have a few NS500 firewalls and they support L2TP, which is also native for the iPhone.

Is there some way to connect through the usual manner, log in to the SA4000 and then get redirected to the NS500 for the L2TP component where I am able to grant access to services?

Has anyone had any luck with getting the iPhone to work?

Thanks

Graham

5 REPLIES 5
imtravis_
Contributor

Re: iPhone over VPN

We're currently in the process of trying to get the iPhones to ActiveSync via our SA4000's. We're testing the 6.2R1 release which is supposed to support ActiveSync, so then you can sync the iPhones.

What is it you're trying to use the iPhones for? Maybe there's a different route you can take instead of the NC way of granting access?

absinthed_
New Contributor

Re: iPhone over VPN

Hi

We currently have an open wireless LAN. We use SSL VPN for authentication onto the Wi-Fi. We want to be able to connect with iPhones and browse the internet as well as get mail. We have an SA4000 and an NS500. The SA4000 handles the wireless logins and resolves to an authentication server.

privatepile_
Contributor

Re: iPhone over VPN

I don't know your requirements, but I would consider changing your wireless architecture to WPA2-Enterprise, using 802.1X authentication against Active Directory and GPOs to push the config down.

Celeus_
Not applicable

Re: iPhone over VPN

While a solution, many people (myself, and the PCI auditors I have talked to) consider it best practice to not allow 802.* wireless directly onto a corporate network, but rather treat it as an external/guest network, or restrict it to only have access to VPN concentrators/firewalls.

So, the OP's security requirements may preclude doing that.

In the environment I manage, we have an Open-AP to a captive portal, and then allow people onto a guest network that has no access to internal devices. This makes it relatively easy to provide wireless to guests, and internal users VPN just like they do from home.

This fails with the iPhone, which is unfortunate because some of our users are used to being able to use their BlackBerries to access internal sites (via the BES proxy).

absinthedjesus_
Occasional Contributor

Re: iPhone over VPN

Agreed. We use the VPN option as we are able to lock down some subnets and allow full access to others. Surely there must be a way to tunnel from the SSL VPN to a NetScreen or SSG that runs L2TP etc., so that once connected to SSL, before running Network Connect, we have a bookmark that tunnels to the NetScreen etc. for the PPTP or L2TP authentication?