How to make iPhone Cisco VPN client work with ASA with certificate authentication

Posted by Ben Jencks on Server Fault See other posts from Server Fault or by Ben Jencks
Published on 2010-04-22T21:47:58Z Indexed on 2010/04/22 21:53 UTC
Read the original article Hit count: 1164

Filed under:

iphone

|

vpn

|

cisco-vpn

|

ipsec

|

certificate

I have an ASA that's providing IPsec VPN services using certificate authentication (no xauth, just the certs). It works perfectly with the Cisco IPsec VPN Client. Now I'm trying to let iPhones connect.

I've installed the CA cert and a client certificate on the iPhone with a profile using iPCU, along with the VPN configuration. Then connecting gives the error "Could not validate the server certificate". Additionally, the ASA logs the error "Received encrypted Oakley Informational packet with invalid payloads".

FWIW, I receive the same invalid payload error when trying to use the Snow Leopard IPsec client to connect.

Has anyone successfully gotten the iPhone IPsec client to work with certificate auth?

© Server Fault or respective owner

Related posts about iphone

iphone - direct link to iPhone review form from inside iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to link directly to the review link of one of my Apps. I know that it is possible because Appirater did it in the past, but some change in iTunes turned the API down. Appirater uses this URL NSString *templateReviewURL = @"itms-apps://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews… >>> More
Buy iPhone 4 Without Contract: $599 (AT&T) and $699 (Verizon)

as seen on Tech Dreams - Search for 'Tech Dreams'
Purchasing iPhone without a contract is a good option when you are planning to gift it to someone or going to use it outside US. Both AT&T and Verizon lets you iPhone 4 without a contract but this information is buried deep under blurred text in FAQs and agreements. Here is the pricing… >>> More
Is it possible to download and run IPhone apps on an IPhone emulator

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am tasked to provide an IPhone client app for our SaaS website. I have never written an IPhone application, nor do I have an IPhone at the moment. Before I can decide whether or not I want to do this myself or outsource this, I'd like to try a few apps myself to get a feeling for the UI. Is… >>> More
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone. The web app is deployed at; http://www.alila.se/wordpress/index.html If i run the simulator and enter that adress, it fetches the rss feed and displays it. Everything fine. When i enter the adress into… >>> More
Problem running iPhone application on iPhone from Xcode (and in Instruments)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have a problem running one application on the iPhone from Xcode (or Instruments). When I try to run the app I get the error message Failed to upload XXX.app in the bottom left corner of Xcode. The strange thing is it actually uploaded the app to the iPhone but it doesn't start it (after this… >>> More

Related posts about vpn

Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
l2tp / ipsec debian Openswan U2.6.38 does not connect

as seen on Server Fault - Search for 'Server Fault'
i am trying to get ipsec/l2tp running on a debian server with an iphone as a client but always get: Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received Vendor ID payload [RFC 3947] method set to=115 Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received… >>> More
Setup VPN issue on Ubuntu Server 12.04

as seen on Server Fault - Search for 'Server Fault'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Cannot connect with Cisco VPN but can connect with ShrewSoft VPN

as seen on Server Fault - Search for 'Server Fault'
EDIT: We connected an air card to the computer to use a different Internet connection and using the Cisco software, we were able to successfully connect to our VPN server. I just don't understand why the ShrewSoft VPN client would connect but the Cisco connection won't. I'm not our network admin… >>> More