[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

Re: [fw1-gurus] iPhone L2TP with VPN-1 R65 HFA30

I've set this up with several customers, so I know it works.

Supporting AES-128 and forcing AES-128 are two different things.  I don't recall haven't had to configure AES-128. But if you decide to try it, just make sure that AES-128 is selected in policy > global properties > remote access > ike phase I and that enforce algorithm is unchecked under phase II. Though likely the person is thinking of an issue where ike_phase2_key_size isn't downloaded to MAC clients, causing many people to using AES-128 instead of editing the userc.C on the client.

-----Original Message-----
From: Torkel Mathisen [mailto:[email protected]]
Sent: Friday, February 13, 2009 08:22 AM
To: ''FireWall-1 Gurus Mailinglist''
Subject: [fw1-gurus] iPhone L2TP with VPN-1 R65 HFA30

Hi, Has anyone gotten L2TP to work from iPhone through R65 HFA30? I've done all the configuration stated in the release notes, but it still doesn't work. I've read somewhere that you need to support AES-128 on the gateway. We do support AES-128, however we use AES-256 on both Phase 1 and Phase 2. I have not tested yet if this is the problem because it will affect our RemoteAccess users and I can't do that on a Friday. Anyone know what the problem could be? Regards, Torkel _______________________________________________ fw1-gurus mailing list [email protected] http://lists.phoneboy.com/listinfo.cgi/fw1-gurus-phoneboy.com
fw1-gurus mailing list
[email protected]