Remote access VPN not working with Cisco router and iPhone

Recently I had a situation where a customer asked me to configure remote access VPN on his old Cisco 871. The configuration was quite simple, but I had a problem connecting an iPhone to his network.

The solution is quite simple: apparently Apple doesn’t like 3DES, so I had to configure the transform set like this:

crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
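
An added example (not from the original post): a small Python check that scans an IOS configuration for transform sets that still use DES, 3DES, MD5 or null encryption, the kind of setting that caused the problem above. The sample configuration, the `oldset` name and the function names are constructed for illustration, and the list of transforms treated as weak is this example's assumption.

```python
import re

# Transforms flagged by this example (an assumption of the example, not a
# vendor list): single DES, 3DES, MD5-based integrity, and null encryption.
WEAK = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

LINE_RE = re.compile(r"^\s*crypto ipsec transform-set\s+(\S+)\s+(.+?)\s*$")

def parse_transforms(spec):
    """Split 'esp-aes 256 esp-sha-hmac' into ['esp-aes 256', 'esp-sha-hmac']."""
    out = []
    for tok in spec.split():
        if tok.isdigit() and out:
            out[-1] += " " + tok  # a key size belongs to the preceding transform
        else:
            out.append(tok)
    return out

def audit_transform_sets(config_text):
    """Return {set_name: [weak transforms]} for every transform set found."""
    findings = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a transform-set line
        name, spec = m.groups()
        transforms = parse_transforms(spec)
        # Compare on the transform keyword only, ignoring any key size.
        findings[name] = [t for t in transforms if t.split()[0] in WEAK]
    return findings

# Constructed sample configuration: one legacy set next to the set from the post.
SAMPLE_CONFIG = """\
hostname example-871
crypto ipsec transform-set oldset esp-3des esp-md5-hmac
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
"""

if __name__ == "__main__":
    for name, weak in audit_transform_sets(SAMPLE_CONFIG).items():
        print(name, ("WEAK: " + ", ".join(weak)) if weak else "ok")
```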

MTU traceroute and value check

Check your MTU settings with:

user@computer:~$ tracepath -n www.cix.hr
1: 10.254.30.250 0.099ms pmtu 1500
1: 10.254.30.254 0.425ms
1: 10.254.30.254 0.405ms
2: 10.0.0.1 1.345ms
3: 212.92.211.193 4.111ms
4: 10.51.0.2 4.327ms
5: 10.50.0.74 192.967ms
6: 193.192.15.65 6.561ms asymm 7
7: 193.198.228.98 4.719ms asymm 10
8: 193.198.228.110 6.181ms asymm 9
9: 193.198.229.69 5.390ms asymm 10
10: 161.53.2.116 4.403ms reached
Resume: pmtu 1500 hops 10 back 54