89.4. iPhone/iPad native IPsec VPN client with Aggressive Mode

When clients have dynamic IP addresses, MAIN mode requires the same PSK for all users, whereas AGGRESSIVE mode allows individual PSKs. For this reason, AGGRESSIVE mode is usually preferred in this situation.

89.4.1. Checklist of parameters

This table shows the parameters of the iPhone/iPad native IPsec client and their corresponding parameters in the Abilis configuration.

Table 89.5. Checklist of parameters

iPhone/iPad native IPsec parameter   Abilis IKE Table   Abilis IKE Table parameter
----------------------------------   ----------------   --------------------------
Server                               HOST               LOC-IP
Account                              HOST               XAUTH-USER
Password                             HOST               XAUTH-PWD
Group Name                           HOST               KEY-ID
Secret                               PSK                KEY

89.4.2. Configuring iPhone/iPad native IPsec VPN client

Suppose that Abilis is configured in the following way. Refer to Section 81.19.2, “How to configure a RAS using IPSEC VPN server with iPhone/iPad or Mac” for the configuration of IPsec and IKE resources.

[22:54:53] ABILIS_CPX:d ike host:0

-------------------------------------------------------------------------------
HOST: NAME:                              LIFETIME: HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG: DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      XAUTH:    CIPHER:   SA-TRY: DPD-TOUT:
      XAUTH-USER:                        XAUTH-PWD:
      -- PSK ID ---------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
      -- RSA Cert -------------------------------------------------------------
      CERT-SEND:      ASN1-DN:
      CERT-PEER:      PEER-ASN1-DN:
      CERT-VERIFY:
-------------------------------------------------------------------------------
0     iOS_Aggressive                     3600      SHA1      YES     STOP
      080.080.080.080 SYS     AGGRESSIVE REQUEST   MODP2048          30
      *               INSIDE  PSK        SERVER    AES256    3       120
      test                               ********
      -- PSK ID ---------------------------------------------------------------
      LOCIP           
      KEY-ID          abilis
-------------------------------------------------------------------------------

[22:54:53] ABILIS_CPX:d ike psk:1

-------------------------------------------------------------------------------
PSK: KEY:     PEER-ID-TYPE:  PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
1    ******** KEY-ID         abilis

[22:54:53] ABILIS_CPX:d ike cli:0

-------------------------------------------------------------------------------
CLI:  NAME:                                LIFETIME: ESP:        AH:
HOST: NET-LOC:           RULE:  PASSIVE:   PFS:      ESP-AUTH:   AH-AUTH:
      NET-REM:                  PERMANENT: TUNNEL:   ESP-CIPHER: MODE-CFG-DNS:
-------------------------------------------------------------------------------
0     iOS_Aggressive                       28800     YES         NO
0     000.000.000.000/00 IPSEC  YES        NO        SHA1        SHA1
      172.031.101.006/32        YES        YES       AES256      008.008.008.008
-------------------------------------------------------------------------------
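
The following Python script is an added example, not part of the Abilis documentation. It parses the HOST and PSK dumps above by column offset, checks that the host is an AGGRESSIVE mode PSK entry with a PSK record matching its peer ID, and derives the iOS fields of Table 89.5. The embedded dumps are constructed from the output shown above; the function names, the fixed-width layout and the reading of Group Name as the peer ID of type KEY-ID are assumptions.

```python
import re

# Constructed sample laid out like the page's "d ike host:0" / "d ike psk:1"
# output; values sitting exactly under their column labels is an assumption.
HOST_DUMP = """\
HOST: NAME:                              LIFETIME: HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG: DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      XAUTH:    CIPHER:   SA-TRY: DPD-TOUT:
      XAUTH-USER:                        XAUTH-PWD:
      -- PSK ID ---------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
0     iOS_Aggressive                     3600      SHA1      YES     STOP
      080.080.080.080 SYS     AGGRESSIVE REQUEST   MODP2048          30
      *               INSIDE  PSK        SERVER    AES256    3       120
      test                               ********
      -- PSK ID ---------------------------------------------------------------
      LOCIP
      KEY-ID          abilis
"""
PSK_DUMP = """\
PSK: KEY:     PEER-ID-TYPE:  PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
1    ******** KEY-ID         abilis
"""

def parse(dump):
    """Slice each record line at the column offsets of the header labels."""
    head, body = re.split(r"^-{20,}\n", dump, maxsplit=1, flags=re.M)
    rows = lambda t: [l for l in t.splitlines()
                      if l.strip() and not l.lstrip().startswith("--")]
    rec = {}
    for hdr, row in zip(rows(head), rows(body)):
        labels = list(re.finditer(r"\S+:", hdr))
        for m, nxt in zip(labels, labels[1:] + [None]):
            rec[m.group()[:-1]] = row[m.start():nxt.start() if nxt else None].strip()
    return rec

def ios_profile(host, psk):
    """Map the Abilis records to the iOS fields of Table 89.5."""
    if (host["MODE"], host["AUTH"]) != ("AGGRESSIVE", "PSK"):
        raise ValueError("host is not an Aggressive Mode PSK entry")
    peer = (host["PEER-ID-TYPE"], host["PEER-IP:/PEER-ID"])
    if peer != (psk["PEER-ID-TYPE"], psk["PEER-IP:/PEER-ID"]):
        raise ValueError("no PSK entry matches the host's peer ID")
    server = ".".join(str(int(o)) for o in host["LOCIP"].split("."))  # drop zero padding
    return {"Server": server, "Account": host["XAUTH-USER"], "Secret": psk["KEY"],
            "Password": host["XAUTH-PWD"], "Group Name": peer[1]}
```

The dump masks XAUTH-PWD and KEY, so Password and Secret come back as asterisks and have to be taken from your own records.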

To configure an Apple iOS device for IPsec VPN connection with Abilis: