IPsec VPN with IPAD VPN client on USG Firewall

Publication Date:  2013-11-22 Views:  623 Downloads:  0
Issue Description
Customer was not able to create VPN tunnel between USG2260 firewall and Apple device because Apple has different default settings for IPsec, and the settings can not be changed on Apple devices especially IPADs. 
Alarm Information
none
Handling Process
We did some research to find out what Apple devices use for their IPsec settings.
found out following settings :

Ike encryption: 3DES
Authentication algorithm: SHA-1 (default for Huawei)
Authentication method: pre-share key (default for Huawei)
DH: group2

IPSec mode: transport mode
IPSec encryption: 3DES
IPSec Authentication algorithm: MD5 (default for Huawei)

we applied the setting on the USG firewall and customer was able create the VPN tunnel.
Root Cause
we had to figure out the default settings for Apple devices for IPSec.
Suggestions
Apple uses different default settings for IPSec VPN and it can not be changed on their devices, so we need to apply their settings on Huawei firewall to create the VPN tunnel.

END