Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ASA Iphone, Ipad VPN client pre-shared key (PSK) special characters bug

I ran into this in a deployment of IPSec clients with apple ipad and iphone native vpn client. Here are details:

Cisco ASA 8.2.5 OS
Ipad, running 5.0.1
Iphone i4S, running OS 5.0.1

Special characters make your pre-shared key more secure, so i used a password generator app to make one that coincidently included a " (quotation mark). After configuring this PSK on a Ipad, i was unable to connect. I saw nothing in the ASA logs, indicating the Ipad didnt even try to connect.

The Ipad generated the following error message:

VPN Connection
A configuration error occured
OK Button

After searching for quite some time, i found this somewhat obscure reference to the bug:

http://blogs.oreilly.com/iphone/2008/07/strong-passwords-can-hurt.html

Special thx to this guy!

So i started to test special characters to see what would work, adding in 1 character at a time. Here is where I stopped:

pre-shared-key !@#$%^&*()_-+=;:'<>,.

These characters worked in the PSK. If you are curious, and want to play, have fun. I assume the alphnumerics will work since those are pretty standard.

As a side note, here are a few more interesting items:

1) The " (quote mark) does work when you run the real cisco vpn client. This was successful on a Windows 7 laptop with 5.X VPN Client.
2) The ? (question mark) doesnt work as well, but that is a little easier to figure out because when you configure it on the ASA, context-sensitive help kicks in and knocks you off the config line.

3) Iphone I4S suffers from the same issue - doesnt like quotes.

4) Android is probably not affected by this bug, but I tested on an open source TUN driver- enabled adroid - not the bionic.

Hope that saves someone some time, sometime!

W

1 REPLY
Hall of Fame Super Silver

ASA Iphone, Ipad VPN client pre-shared key (PSK) special charact

Thanks for the tip.

Help stamp out special characters in passwords. Their "strength" is a myth!

Explained nicely here: http://xkcd.com/936/

2264
Views
0
Helpful
1
Replies
CreatePlease to create content