Showing results for 
Search instead for 
Did you mean: 

Remote Access VPN using CA on iphone

Level 1
Level 1


it is possible to configure remote access vpn on ASA for the IPHOne or Samsung and use digital certificates from a CA server?

Is there any document on how to do it? is it feasible or we have to configure Anyconnect?


5 Replies 5

Andrew Phirsov
Level 7
Level 7

Surely it's possible, and there's no difference when using native vpn-clients of those devices or cisco vpn client on PC. You just should install certificate to your mobile device and there won't be any problem with that. For example, iOS on iphone has native ipsec-vpn client, wich perfectly works with asa, including certificate-basedauthentication.


thanks for your reply, so if i follow the below document, it should work normally?

is there any other document that i should follow? a template?



Actually i m still not able to connect using my iphone, i have done a lot of research. I m getting directly the error on iphone, could not validate server certificate.and i m having the message:

Apr 04 19:26:44 [IKEv1]: Group = DefaultRAGroup, IP =, Received encrypted Oakley Informational packet with invalid payload.

any hints? i tried to use as well an attribute on the CA Server.

Dear Andrew,

Many thanks for your reply, but the idea is that i am trying to generate a user certificate and i dont find the link between this user certificate and the CN, hostname or outside IP of the ASA. for the laptop, it is working fine in a way. but on the iphone, i didnt find the procedure to follow on how to do it on the CA level (microsoft).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: