I ran into this in a deployment of IPSec clients with apple ipad and iphone native vpn client. Here are details:
Cisco ASA 8.2.5 OS Ipad, running 5.0.1 Iphone i4S, running OS 5.0.1
Special characters make your pre-shared key more secure, so i used a password generator app to make one that coincidently included a " (quotation mark). After configuring this PSK on a Ipad, i was unable to connect. I saw nothing in the ASA logs, indicating the Ipad didnt even try to connect.
The Ipad generated the following error message:
VPN Connection A configuration error occured OK Button
After searching for quite some time, i found this somewhat obscure reference to the bug:
These characters worked in the PSK. If you are curious, and want to play, have fun. I assume the alphnumerics will work since those are pretty standard.
As a side note, here are a few more interesting items:
1) The " (quote mark) does work when you run the real cisco vpn client. This was successful on a Windows 7 laptop with 5.X VPN Client. 2) The ? (question mark) doesnt work as well, but that is a little easier to figure out because when you configure it on the ASA, context-sensitive help kicks in and knocks you off the config line.
3) Iphone I4S suffers from the same issue - doesnt like quotes.
4) Android is probably not affected by this bug, but I tested on an open source TUN driver- enabled adroid - not the bionic.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...