Re: Remote Access VPN using CA on iphone

kassabziad · ‎03-31-2013

Dears,

it is possible to configure remote access vpn on ASA for the IPHOne or Samsung and use digital certificates from a CA server?

Is there any document on how to do it? is it feasible or we have to configure Anyconnect?

Regards,

Andrew Phirsov · ‎03-31-2013

Surely it's possible, and there's no difference when using native vpn-clients of those devices or cisco vpn client on PC. You just should install certificate to your mobile device and there won't be any problem with that. For example, iOS on iphone has native ipsec-vpn client, wich perfectly works with asa, including certificate-basedauthentication.

kassabziad · ‎03-31-2013

Hello,

thanks for your reply, so if i follow the below document, it should work normally?

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml

is there any other document that i should follow? a template?

Regards,

kassabziad · ‎04-04-2013

Dears,

Actually i m still not able to connect using my iphone, i have done a lot of research. I m getting directly the error on iphone, could not validate server certificate.and i m having the message:

Apr 04 19:26:44 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.1.3, Received encrypted Oakley Informational packet with invalid payload.

any hints? i tried to use as well an attribute on the CA Server.

Andrew Phirsov · ‎04-04-2013

I think here is what you're looking for:

http://serverfault.com/questions/135050/how-to-make-iphone-cisco-vpn-client-work-with-asa-with-certificate-authenticatio

kassabziad · ‎04-07-2013

Dear Andrew,

Many thanks for your reply, but the idea is that i am trying to generate a user certificate and i dont find the link between this user certificate and the CN, hostname or outside IP of the ASA. for the laptop, it is working fine in a way. but on the iphone, i didnt find the procedure to follow on how to do it on the CA level (microsoft).