How IOS device get the IKEv1 VPN configuration from Device Security Firewalls icon

Avatar
Ron
  • Updated

This example is for IOS client easier get IKEv1 VPN configuration from device. It can avoid configuration error and easier establish IKEv1 tunnel directly.

Set Up the IKEv1 VPN Tunnel on the ZyWALL series

In the ZyWALL VPN, go to CONFIGURATION > VPN >IPSec VPN > VPN Gateway > click add to create a VPN gateway rule.

Configuration > VPN > IPSec VPN > VPN Gateway > Click “add” button

In the ZyWALL VPN, go to CONFIGURATION > VPN >IPSec VPN > VPN Connection > click add to create a VPN connection rule.

Configuration > VPN > IPSec VPN > VPN Connection > Click “add” button

Set Up the Configuration Provisioning for IKEv1 rule

Go to CONFIGURATION > VPN > IPSec VPN > Configuration Provisioning > Click Add button create rule and select IKEv1 rule which you would like to provisioned.

CONFIGURATION > VPN > IPSec VPN > Configuration Provisioning

Use your IOS device to get IKEv1 configuration from device

Use your IOS device and Safari access to device and login by normal user which you setup in provision. (e.g. https://192.168.1.1). And then click “IPSec” button to download configuration.

Enter your IOS device password, and then click install button to install it.

Enter IKEv1 user name and password after installed configuration.

After these steps you can find the IKEv1 rule appears on your IOS device. (Settings > General > VPN > IKEv1_Connection) And you can try to connect IKEv1 tunnel on your IOS device.

Test the Result 

On your IOS device, you can go to Settings > General > VPN > IKEv1_Connection and click connect button, check if your VPN tunnel is establish or not.

What Can Go Wrong? 

  1. This function is only support for IOS 9.3 or above version.
  1. When downloading configuration, must use Safari to access device. 
  1. Currently IOS has support for specific algorism. In ZyWALL VPN: AES256+SHA1. Key group=DH2. In VPN connection: AES128+SHA1. PFS=none. 
  1. Please make sure assigned pool IP address avoided it has overlap to any subnet. The local policy setting will related IOS routing issue. In this example, after tunnel established all of IOS traffic will forward to device.

Related articles

Comments

0 comments

Please sign in to leave a comment.