Re: VPN iPad ios10 to SRX5308

njem · ‎2017-01-18

Before I beat my head against trying to get this VPN going and wonder why it won't work am I wasting my time? I find this article

http://kb.netgear.com/25836/How-to-Setup-VPN-with-NETGEAR-Firewall-and-iPhone-iPad

which says I must run firmware that the release notes say "supports iphone VPN". Well the release notes for this router don't say that. Can it not make a VPN connection to an ipad with ios 10?

Thanks.

ChenX · ‎2017-01-18

Hi njem

Welcome to the community!

I have tried on my ipad ios v10.2,SRX5308:4.3.4-2 follow your link.I can set up the vpn.

Can you have a try on the newest firmware for SRX5308?

njem · ‎2017-01-19

Thanks. The IOS VPN dialog uses different names for entries than the netgear side. Seems like every company does. What settings do you have for these boxes?

Server (I assume this is the outside IP)

Remote ID (This is like fqn_remote.com in the netgear example?)

Local ID (This is like fqn_local.com?)

Authentication (this defaults to "user name" but there is no user name, unless this is where the fqn_remote.com would go)

Password (would be the preshared key)

Proxy (by default is off)

Generally for VPN setup I'm expecting to put in somewhere what the local and/or remote LAN IP range is. I don't see a place to put that here. Doesn't need it?

Also usually the LAN IP of the VPN router. Don't see where that goes.

If the proxy should be set to manual it's asking for server (this is the router LAN IP?) port (VPNs use multiple ports) and authentication (this would be fqn_remote.com and password?)

How did you set these?

Thanks.

ChenX · ‎2017-01-19

Hi njem

You should select the type to IPSec

Here is my config on IOS:

Type: IPSec

Description:Any

Server: SRX5308-WAN IP

Account: username (the user you added on the SRX5308)

Password: userpassword (the user's password you added on the SRX5308)

Use Certificate:OFF

Secret:the Pre-shared key on the SRX5308

PROXY: OFF

Regards

njem · ‎2017-01-23

ChenX,

Thanks. Part way there. I think the way you set up the router end is different. On the ipad I made an IPSEC VPN connection (it offered IKE but I see yours is IPSEC).

It's offers these settings:

Server: outside IP of the office
(since I'm trying this from inside the office I've also tried using the LAN IP of the router)
Account: JoeUser
Password: (the password for the User, JoeUser on the router)
Use Certificate: off
GroupName: blank. I've also tried geardomain
Secret: (The preshared key made with the router VPN settings. I made this the same as the JoeUser password just to remove one variable.)

When the ipad tries to connect it says "VPN Connection: The VPN server did not respond."

On the router I made a user JoeUser of type "IPSEC VPN user". It says it's going to make them in user group "geardomain" but when I get back to the list of users it shows the Group column and Authentication Domain column as blank.

I made a VPN connection setup in the router using the VPN Wizard and chosing type "client". I suspect this did not create the right setup for this kind of conneciton. For one thing when I view VPN Status it doesn't even list it. What steps did you use to create the router side of the VPN?

Thanks.

ChenX · ‎2017-01-23

Hi njem

Do not add a vpn connection setup by the VPN Wizard for the iphone.

1.First, create a mode config profile. Go to VPN > Mode Config > Add.

2. Then, create the IKE Policy manually. Go to VPN > IPSec VPN > IKE Policy > Add.

3. Once done, create an IPSEC user. Go to Users > Users > then Add.

njem · ‎2017-01-26

ChenX,

Almost there. I followed your steps and on the IOS side it said VPN Connected. On the Netgear side it listed it in the status page but said IPSEC SA Not Established. That may have been because I was trying it from inside the LAN. The exec will be trying it from home. We'll see what happens then.