I have Windows 2008 R2 as CA server, and I also have a 2911 router as remote VPN server. Everything works fine for desktop computers and laptops. Users automatically enroll certificates on the Microsoft CA server and get connected to the VPN. But the problem is with iPads. When I try to connect from an iPad, the error message "Could not validate the server certificate" is displayed, and I also get this error message from the router:
"CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed"
With the iPad's built-in VPN client I can see the installed certificate and use it, but with the AnyConnect client no certificates are displayed.
I'm having a similar problem as you with iPads. I can install the certificate (had to download the CA certificate and install it for it to be trusted); however, the AnyConnect client does not recognize the certificate and tells me that no certificates are available.
I'm talking with Apple about this as well at the moment. If I find anything I will post it here.
Another item to consider with this is that I found a problem with using the certificates from a 2008 server using SHA2 and higher encryption. There's a Microsoft fix for it. Wondering if there might be a similar problem with iPads and the AnyConnect client.
Yesterday I tried to do this configuration with an ASA and Microsoft CA server, but the result was the same. Works well with workstations and doesn't work with iPads. Today I am going to try a different CA server.