
ASA iPhone, iPad VPN client pre-shared key (PSK) special characters bug

will
Level 3

I ran into this in a deployment of IPSec clients with the Apple iPad and iPhone native VPN client. Here are the details:

Cisco ASA 8.2.5 OS
iPad, running 5.0.1
iPhone i4S, running OS 5.0.1

Special characters make your pre-shared key more secure, so I used a password generator app to make one that coincidentally included a " (quotation mark). After configuring this PSK on an iPad, I was unable to connect. I saw nothing in the ASA logs, indicating the iPad didn't even try to connect.

The iPad generated the following error message:

VPN Connection
A configuration error occured
OK Button

After searching for quite some time, I found this somewhat obscure reference to the bug:

http://blogs.oreilly.com/iphone/2008/07/strong-passwords-can-hurt.html

Special thx to this guy!

So I started to test special characters to see what would work, adding in 1 character at a time. Here is where I stopped:

pre-shared-key !@#$%^&*()_-+=;:'<>,.

These characters worked in the PSK. If you are curious, and want to play, have fun. I assume the alphanumerics will work since those are pretty standard.

As a side note, here are a few more interesting items:

1) The " (quote mark) does work when you run the real Cisco VPN client. This was successful on a Windows 7 laptop with 5.X VPN Client.

2) The ? (question mark) doesn't work as well, but that is a little easier to figure out because when you configure it on the ASA, context-sensitive help kicks in and knocks you off the config line.

3) iPhone i4S suffers from the same issue - doesn't like quotes.

4) Android is probably not affected by this bug, but I tested on an open source TUN driver-enabled Android - not the Bionic.

Hope that saves someone some time, sometime!

W
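A generator and checker built around the character set reported in the post above, added here as an example and not part of the original thread. It draws only from the specials the post lists as working plus alphanumerics (which the post assumes rather than tests); the names `check_psk`, `generate_psk` and `entropy_bits` are hypothetical.

```python
import math
import secrets
import string

# Specials the post reports working (iOS 5.0.1 native client, ASA 8.2.5).
TESTED_SPECIALS = "!@#$%^&*()_-+=;:'<>,."
# Characters the post reports as failing, with the reason given there.
KNOWN_BAD = {
    '"': "breaks the iPad/iPhone native VPN client",
    "?": "triggers context-sensitive help on the ASA config line",
}
# Alphanumerics are the poster's assumption, not a tested result.
SAFE_ALPHABET = string.ascii_letters + string.digits + TESTED_SPECIALS


def check_psk(psk):
    """Return (index, char, reason) for every character outside the safe set."""
    findings = []
    for i, ch in enumerate(psk):
        if ch in KNOWN_BAD:
            findings.append((i, ch, KNOWN_BAD[ch]))
        elif ch not in SAFE_ALPHABET:
            findings.append((i, ch, "not covered by the post's testing"))
    return findings


def generate_psk(length=32):
    """Draw a PSK uniformly from the safe alphabet using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet=SAFE_ALPHABET):
    """Entropy of a uniformly random key of this length over the alphabet."""
    return length * math.log2(len(set(alphabet)))


if __name__ == "__main__":
    sample = 'Xk9"pL?2 m'  # constructed sample key, not a real PSK
    for index, char, reason in check_psk(sample):
        print(f"position {index}: {char!r} {reason}")
    print(f"alphabet size: {len(SAFE_ALPHABET)}")
    print(f"32-char key: about {entropy_bits(32):.0f} bits")
    assert check_psk(generate_psk()) == []
```

Leaving out the two problem characters costs very little: a random 32-character key over this alphabet still carries roughly 200 bits.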


Marvin Rhoads
Hall of Fame

Thanks for the tip.

Help stamp out special characters in passwords. Their "strength" is a myth!

Explained nicely here: http://xkcd.com/936/