01-24-2012 04:48 AM
Hello,
I have Windows 2008 R2 as the CA server, and I also have a 2911 router as the remote VPN server. Everything works fine for desktop computers and laptops. Users automatically enroll certificates on the Microsoft CA server and get connected to the VPN. But the problem is with iPads. When I try to connect from an iPad, the error message "Could not validate the server certificate" is displayed, and I also get this error message from the router:
"CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed"
With the iPad's built-in VPN client I can see the installed certificate and use it, but with the AnyConnect client no certificates are displayed.
01-24-2012 07:43 AM
Nika,
I'm having a similar problem to yours with iPads. I can install the certificate (I had to download the CA certificate and install it for it to be trusted); however, the AnyConnect client does not recognize the certificate and tells me that no certificates are available.
I'm talking with Apple about this as well at the moment. If I find anything I will post it here.
01-24-2012 07:55 AM
Another item to consider with this is that I found a problem with using certificates from a 2008 server using SHA2 and higher encryption. There's a Microsoft fix for it. I'm wondering if there might be a similar problem with iPads and the AnyConnect client.
01-26-2012 10:04 PM
Yesterday I tried to do this configuration with an ASA and the Microsoft CA server, but the result was the same. It works well with workstations and doesn't work with iPads. Today I am going to try a different CA server.
01-30-2012 03:55 AM
I have done it.
I just added SAN attributes on Windows Server 2008:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
http://support.microsoft.com/kb/931351
and on the identity certificate on the Cisco router I added the attributes
san:dns=dns.name[&dns=dns.name]
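
A pre-flight check for the `san:dns=...` attribute used in the fix above, as an added example that is not code from the thread: it parses the attribute and lists any hostname from the iPad VPN profiles that no `dns=` entry covers. It assumes the iPad client compares the server name it connects to against the certificate's SAN DNS entries; the function names and `example.com` hosts are made up for illustration.

```python
# Added example: sample names below are constructed, not taken from the thread.

def parse_san_attribute(attr):
    """Parse a 'san:dns=a&dns=b' request attribute into a list of DNS names."""
    prefix, sep, body = attr.strip().partition(":")
    if not sep or prefix.lower() != "san":
        raise ValueError("attribute must start with 'san:'")
    names = []
    for part in body.split("&"):
        key, eq, value = part.partition("=")
        if not eq or not value.strip():
            raise ValueError(f"malformed SAN entry: {part!r}")
        # Only dns= entries are collected; other entry types are skipped.
        if key.strip().lower() == "dns":
            names.append(value.strip().lower().rstrip("."))
    return names


def dns_name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p_labels = pattern.split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only when at least two fixed labels follow it.
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(attr, client_hosts):
    """Return the hostnames clients connect to that no dns= entry covers."""
    sans = parse_san_attribute(attr)
    return [h for h in client_hosts
            if not any(dns_name_matches(s, h) for s in sans)]


if __name__ == "__main__":
    attr = "san:dns=vpn.example.com&dns=vpn2.example.com"   # constructed
    profiles = ["vpn.example.com", "VPN2.example.com.", "gw.example.com"]
    print("not covered:", uncovered_hosts(attr, profiles))
```

Because EDITF_ATTRIBUTESUBJECTALTNAME2 makes the CA accept SAN values supplied with the request, compare the SAN on each issued certificate against the names you intended to request.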