Our company has to comply with the mandate that all mobile phones use L2TP or IPSec VPNs when using untrusted Wi-Fi or GPRS connections… namely to protect from MITM attacks. We're also interested in preventing the decryption of A5/2 or A5/3 mobile signals.
To that end we are considering using IPSec or L2TP VPNs with Android's "Always On VPN" option:
- Settings
- Wireless & networks
- vpn
- In the upper right corner, select always on vpn
Since these phones are BYOD, we are placing them in a non-corporate location in the Amazon/Rackspace/MSFT cloud. (outside of any firewall policy or Websense filtering)
I am now attempting to make an iPhone/iPad and an Android use a PSK with either L2TP or IPSec. I'd rather use IPSec over L2TP because it works over NATs, and I'd like to use a PSK (pre-shared key) because the overhead of deploying certificates to devices is too burdensome.
Question
Aside from setting the PSK password below (Test123), what is required to set up PSK L2TP or IPSec?
Are there any known (in)compatibility issues with this configuration & iPhone/Android?
Other things I've done include removing the firewall (Amazon firewall policy, Windows Firewall) and restarting the service.
Best Answer
Port forward to:

PPTP
- PPTP tunnel maintenance – TCP 1723
- GRE – Protocol ID 47

L2TP over IPSec
- L2TP traffic – UDP 1701
- Internet Key Exchange (IKE) – UDP 500
- IPSec Network Address Translation (NAT-T) – UDP 4500
Most forget 4500
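As an added example (not part of the answer above), a small audit that checks a cloud firewall rule set for every port and protocol the answer lists, so a forgotten UDP 4500 is reported instead of discovered by a failing client. The rule shape (protocol, from_port, to_port, with "-1" meaning all protocols) is modelled on AWS-style security groups and is an assumption; the sample rule sets are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Requirements as listed in the answer above. A port of None means the
# requirement is protocol-only (GRE is IP protocol 47 and has no port).
REQUIRED = {
    "l2tp-ipsec": [("udp", 500, "IKE"), ("udp", 4500, "NAT-T"), ("udp", 1701, "L2TP")],
    "pptp": [("tcp", 1723, "PPTP control"), ("47", None, "GRE")],
}


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule in the (protocol, from_port, to_port) shape that
    cloud security groups use (assumed layout); proto "-1" allows everything."""
    proto: str
    from_port: Optional[int] = None
    to_port: Optional[int] = None


def rule_allows(rule: Rule, proto: str, port: Optional[int]) -> bool:
    """True if this single rule lets the given protocol/port through."""
    if rule.proto == "-1":
        return True
    if rule.proto != proto:
        return False
    lo = rule.from_port
    hi = rule.to_port if rule.to_port is not None else rule.from_port
    if port is None or lo is None:
        return True  # protocol-only requirement or protocol-only rule
    return lo <= port <= hi


def missing_rules(rules: List[Rule], vpn: str = "l2tp-ipsec") -> List[str]:
    """Names of the required ports/protocols that no rule in the set permits."""
    return [
        f"{proto}/{port if port is not None else '*'} ({name})"
        for proto, port, name in REQUIRED[vpn]
        if not any(rule_allows(r, proto, port) for r in rules)
    ]


# Constructed samples: one group opened IKE and L2TP but forgot NAT-T on 4500
# (the omission the answer warns about); the other is complete.
FORGOT_NAT_T = [Rule("udp", 500, 500), Rule("udp", 1701, 1701), Rule("tcp", 22, 22)]
COMPLETE = FORGOT_NAT_T + [Rule("udp", 4500, 4500)]

if __name__ == "__main__":
    for label, group in (("forgot-4500", FORGOT_NAT_T), ("complete", COMPLETE)):
        gaps = missing_rules(group)
        print(label, "OK" if not gaps else "missing: " + ", ".join(gaps))
```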