We ran into this all the time too and never really got the iPhone / iPad working using certificates over an IPSEC VPN connection. We opted to implement SSL VPN using the AnyConnect client. There is a cost for licensing the SSL VPN concurrent connections and a small cost for getting the mobile license but it has paid off in the end.
You may want to take look into that path provided you have the budget to do so. I think that is the direction Cisco is pushing anyway especially since they will not be maintaining a 64 bit version of the IPSEC VPN client.