Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Microsoft CA and Ipad vpn problem

hello

i have windows 2008 R2 as CA server. and i also have 2911 router  as remote vpn server. Everything works fine for  desktops computers and leptops. Users automatically enroll certificates on Microsoft CA server and get connected to vpn. But problem is with ipads. When i try to connect from ipad  error massage deslpays "Could not validate the server certificate"  and i also get chis error massage from router

"CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed"

With ipads built in vpn client i can see the installed certificate and use it but with anyconnect client  no certificates are displayed.

4 REPLIES
New Member

Microsoft CA and Ipad vpn problem

Nika,

I'm having a similar problem as you with Ipad's. I can install the certificate (had to download the CA certificate and install it for it to be trusted) however the anyconnect client does not recognize the certificate and tells me that no certificates are available.

I'm talking with Apple about this as well at the moment. If I find anything I will post it here.

New Member

Microsoft CA and Ipad vpn problem

Another item to consider with this is that I found a problem with using the Certificates from a 2008 server using SHA2 and higher encryption. There's a microsoft fix for it. Wondering if there might be a similar problem with Ipad's and the anyconnect client.

http://support.microsoft.com/kb/968730

New Member

Microsoft CA and Ipad vpn problem

yesterday i tried to do this configuration with ASA and Microsoft CA server, but the result was same. Works well with workstations and doesn't work with ipads . Today i am going to try different CA server.

New Member

Microsoft CA and Ipad vpn problem

I have done it

i  just added SAN attributes on windows server 2008

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

net stop certsvc
net start certsvc

http://support.microsoft.com/kb/931351

and on identity certificate on cisco router added attributes

san:dns=dns.name[&dns=dns.name]

1296
Views
0
Helpful
4
Replies