Knowledge Base

How IOS device get the IKEv1 VPN configuration from device

Scenario

This example is for IOS client easier get IKEv1 VPN configuration from device. It can avoid configuration error and easier establish IKEv1 tunnel directly. 

Step

Set Up the IKEv1 VPN Tunnel on the VPN/ATP series

In the VPN/ATP, go to CONFIGURATION > VPN >IPSec VPN > VPN Gateway > click add to create a VPN gateway rule.

Configuration > VPN > IPSec VPN > VPN Gateway > Click “add” button

In the VPN/ATP, go to CONFIGURATION > VPN >IPSec VPN > VPN Connection > click add to create a VPN connection rule.

Configuration > VPN > IPSec VPN > VPN Connection > Click “add” button

Set Up the Configuration Provisioning for IKEv1 rule

Go to CONFIGURATION > VPN > IPSec VPN > Configuration Provisioning > Click Add button create rule and select IKEv1 rule which you would like to provisioned.

CONFIGURATION > VPN > IPSec VPN > Configuration Provisioning

Use your IOS device to get IKEv1 configuration from device

Use your IOS device and Safari access to device and login by normal user which you setup in provision. (e.g. https://192.168.1.1). And then click “IPSec” button to download configuration.

Enter your IOS device password, and then click install button to install it.

Enter IKEv1 user name and password after installed configuration.

After these steps you can find the IKEv1 rule appears on your IOS device.(Settings > General > VPN > IKEv1_Connection) And you can try to connect IKEv1 tunnel on your IOS device.

Verification

Test the Result

On your IOS device, you can go to Settings > General > VPN > IKEv1_Connection and click connect button, check if your VPN tunnel is establish or not.

What Can Go Wrong?

  1. This function is only support for IOS 9.3 or above version.
  1. When downloading configuration, must use Safari to access device.
  1. Currently IOS has support for specific algorism. In VPN gateway: AES256+SHA1. Key group=DH2. In VPN connection: AES128+SHA1. PFS=none.
  1. Please make sure assigned pool IP address avoided it has overlap to any subnet. The local policy setting will related IOS routing issue. In this example, after tunnel established all of IOS traffic will forward to device.



YES NO

Please leave your comment:

SUBMIT

Question Profile

LANGUAGE:
ARTICLE ID:018053
TYPE:Application / Configuration Example
FIRMWARE:4.38 or above version
VIEWS:52
VOTES:0
TECHNOLOGY:
MODEL:ZyWALL 110,ZyWALL 1100,ZyWALL 310 (view more model name)

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support