Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Jabber on IPhone using VPN

Hi Everyone,

I have been requested to configure Cisco Jabber to work through our VPN to our organizations IPhones. We currently have Cisco Jabber and Cisco AnyConnect configured throughout the organization and I have configured CUCM as shown in this video and configured the firewall as shown in this video. Finally I tried to configure the IPhone as shown in this video, but Cisco Jabber is giving me the error "Failed to discover network services. Tap advanced settings to set up manually." I get the same error regardless of auto or manual settings. I am connecting through the VPN natively as shown in the above video and am able to access internal resources. I am also able to connect to Jabber on the WiFi with no issues. 

I am aware that there is an option to configure Cisco Jabber with no VPN, but from what I read, it will require additional resources and significant time to configure, whereas I have a Cisco ASA, Cisco Jabber, and Cisco AnyConnect all configured and I was hoping it would be a simple configuration to chain them together. 

Thank you for any assistance you can give.

-JD

6 REPLIES
Cisco Employee

Pull a PRT from the device,

Pull a PRT from the device, do you get the reply from your DNS and the SRV records?

do you have full connectivity between the device over VPN and the backend servers and the other devices you will be calling to?

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

Thank you Jaime,

Thank you Jaime,

I figured out the networking issue, I only had given access in not back out, so I now can access the internal network, but am now receiving a new error. "Cannot communicate with the server." I attached the error log from Jabber. I believe this may be the error message we are looking for.

INFO [0x000000016ef6f000] [ils/src/cert/ios/iOSCertVerifier.cpp(46)] [csf.cert.ios] [verifyCertificate] - Checking SSL Policy
2017-06-22 11:28:42,882 ERROR [0x000000016ef6f000] [ls/src/cert/ios/iOSCertVerifier.cpp(186)] [csf.cert.ios] [verifyCertificatePolicy] - Policy verification failed, result=5
2017-06-22 11:28:42,882 DEBUG [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(171)] [csf.cert.] [doVerifyCertificate] - Result of platform cert verification: [UNKNOWN]
2017-06-22 11:28:42,883 DEBUG [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(271)] [csf.cert.] [checkIdentity] - About to check for an Identity Match.
2017-06-22 11:28:42,883 DEBUG [0x000000016ef6f000] [ls/src/cert/common/CertVerifier.cpp(154)] [csf.cert] [checkIdentifier] - Verifying identity '10.16.125.40'
2017-06-22 11:28:42,884 ERROR [0x000000016ef6f000] [rc/cert/utils/AltNameParserImpl.cpp(414)] [csf.cert.utils] [verify] - No Match Found for '10.16.125.40'
2017-06-22 11:28:42,884 ERROR [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(324)] [csf.cert.] [checkIdentifiers] - Verification of identity: '10.16.125.40' failed.

I configured the firewall to permit me access to any in both directions, I am also able to access CUCM and the Jabber server through the IP Address on the IPhone with Google Chrome, so I know that the firewall is permitting me access. I am wondering if there is some setting in CUCM I am missing. 

Thank you

-JD

Cisco Employee

If 10.16.125.40 is a CUCM/IM

If 10.16.125.40 is a CUCM/IM&P/CUC, have you already loaded the server certificates to the device? or clicked on accept when prompted?

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

All of our computers prompt

All of our computers prompt for multiple certificates when signing in and I was anticipating the same on the IPhone, but unfortunately nothing appears except the error. If I navigate to the 10.16.125.40 via Chrome, the Certificate warning appears and I am able to click continue, but no pop ups with the App.

Thank you

-JD

Cisco Employee

Then try loading the

Then try loading the certificates to the device and test again.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

As I mentioned all of our

As I mentioned all of our devices that use Cisco Jabber have to accept the certificates and it works perfectly, in fact when I first configured Cisco Jabber to work over WiFi I accepted the certificates, so wouldn't they still be saved on the IPhone? If so, where can I delete them to see if that is the issue. In addition, we do not have a CA, but I believe that CUCM is capable of creating its own certificates, if so is there a guide on how to create and install certificates on an IPhone?

Thank you

-JD

EDIT

The reason I ask where are they saved on the phone is because everywhere I have read it states within the Settings, General, and Profiles, but I do not have a Profiles section and cannot find any other information other than if you do not have a profiles tab then you don't have any certificates, which makes no sense since I can log into Jabber on WiFi without having to accept anything, so they must have saved somewhere.

27
Views
0
Helpful
6
Replies