Sin Jun 11, 2008

Well, I hope next up for the iPhone (the apple one ) is an official cisco sccp client, for integration with the Call Manager setup here. When that happens I can toss out the Nokia E61i I have, and just go with that new 3G iPhone from Apple

sorry, rabid mac user here.

Brewster Jul 14, 2008

It is not enterprise ready if it doesn’t work.
Check out the Apple discussion groups
under iPhone. There are no sucess stories
yet, only problems.

john Jul 15, 2008

Too bad just like every other Cisco VPN client, with an upgrade in the OS, it has problems. Only this time it not only affects that device, but all clients attached. Very robust!

“An unknown issue with the wireless VPN concentrator has caused it to stop
talking to some of the VPN clients. As a result, these clients are not
getting a response from any web sites they visit. Technicians are
investigating this problem.

—Updated Mon Jul 14 12:16:11 2008 by Jeffrey Uebele

The “unknown issue” has been traced to the behaviour of the new iPhone OS 2.0.

We are advising iPhone users not to use the iPhone VPN client at the
present time. This device has an issue that causes major problems for other
wireless users.”

When will Cisco release a VPN client that doesn’t have 40 pages of release notes and is actually robust? When will Cisco program in the ability to detect whena system is going into standby and gracefully disconnect?

havard Jul 16, 2008

Why doesn’t the Cisco VPN client on iPhone receive and update the DNS settings? VPN into an internal network usually requires internal DNS servers.

David Szego Jul 22, 2008

havard: I’m having similar problems… On iPhone Beta up to 5a240d, I was able to use the PIX-supplied DNS server just fine.

Now, on the retail 3G hardware, I’m no longer able to use my internal DNS. The iPhone’s Cisco client simply ignores it and uses the iPhone’s WiFi (or 3G) connection’s supplied DNS.

Kevin Jul 25, 2008

Has anyone got the Cisco IPSEC client on iPhone to work with Nortel Contivity VPN Server? We are getting errors about “no proposal chosen”  None of the config changes we have done appear to work.  Do we know what encryption/algorithm/proposal groups, etc. the client supports?

Thanks!
Kevin

GV Aug 1, 2008

It only connects to an ASA or PIX. It does not connect to an IOS VPN router or a 3000 concentrator. What could possibly the reason behind that? When I first read it supports Cisco VPN I thought I could connect to my IOS router.

The client on the iPhone even says it is connected, but nothing is going through the tunnel. Only when you check the debug logs on the router you’ll notice some errors like “IPSec policy invalidated proposal with error 32” and eventually a “NOTIFY PROPOSAL_NOT_CHOSEN”...

CR Aug 4, 2008

I am getting the same issue as CV.  It says “connected” but there are no error messages on the iPhone.  I see similar messages in the IOS logs.

NEP Aug 7, 2008

the iPhone IS NOT ENTERPRISE READY.  Most configurations will not work with the Cisco VPN client, even though they claim they support Cisco VPNs.  They only support connecting to certain Cisco hardware and OS versions, and not the majority of them.

arh Aug 25, 2008

If this is a VPN client for Cisco’s ASA devices, then why does the configuration screen not ask the same questions as the VPN client on the Mac?  I can’t configure it the same way because the iPhone’s VPN client does not have the same options to select and/or fill in.  It’s infuriating, like someone insists on speaking their own private language when in a room full of people who could not understand that language.

The Cisco VPN client on the Mac asks the following:
Connection Entry
Description
Host
Choose Group Authentication or Mutual Group Authentication (no equivalent on iPhone—we use Group)
Name
Password

The iPhone’s IPSEC client asks these different questions:
Description
Server (good so far)
Account (which is the equivalent of WHAT?)
Password   (good)
Group Name (so this is the same as NAME—then what is ACCOUNT?)
Secret   (WHAT?)

Mark Aug 28, 2008

I can’t get this to work.  All I see is people having problems in the forum.  This does not work!!!!  It is NOT “Enterprise-ready”.

SHARAT AIRANI Sep 11, 2008

Yeah..It doesn’t support FORTIGATE 200A. Which VPN client to use on iPhone?
Sharat

Ed Sep 26, 2008

My experience has been that I was able to connect to the VPN on OS 2.0.1, but after connecting, the device never seemed to try IP resolution on the VPN first. It would always try out on the internet first. It is also my experience as described above that there was no hope in using DNS names.

I upgraded to OS 2.1 now. After doing that, the VPN doesn’t connect at all. It just tries and tries to connect and after about 5 to 10 minutes (all a matter of how patient I am) I manually cancel the attempt.

I’ll be the first to admit I am not an expert. But I think and would have to agree that this client doesn’t appear to be robust. I am disappointed, I have always before had good results with Cisco. I have hope that will get something eventually that will work.

Stacy Yem Oct 13, 2008

I installed the Cisco VPN module onto my Touch (v2.1) last week and was up and running without any problems.  Also added the Exchange module too, and not I can read email as well.

Problems that I have been experiencing is the SSH over VPN - it times out.

Ananthu Krishnamoorthy Nov 26, 2008

I have the same issue. My VPN connection is all successful, I get an IP address assigned. Now, if I try the ssh or telnet to connect to any machine, it times out. - AK

If anyone finds a solution, please let me know thanks.

Pete Davis Dec 15, 2008

Hi Ananthu,

Are any applications functioning or just not telnet/SSH? 

I am able to successfully use Touchterm (SSH) over my iPhone VPN connection.

If you are not able to use any application you may want to consider opening up a case with the TAC to troubleshoot. The first thing to try would be to ensure that your normal Cisco VPN Client can connect and pass traffic to the same group on your ASA.

Apple has additional links to information off of the following link as well:
http://www.apple.com/iphone/enterprise/

Dennis Feb 15, 2009

Dear sir, madam,
I have configured My iPhone to connect my PIX trough VPN.
In the first time the first phrase wouldn’t succeeded.
But I read this ( http://blogs.oreilly.com/iphone/2008/07/strong-passwords-can-hurt.html ) and that’s now not really the problem. (to strong pw)
When I let the iPhone connect I see a popup ‘Enter User Authentication’ if I chose OK, its gone (I have the Dutch version)
If I see the syslog I see this: Authentication failed for user ‘’
it looks like the iPhone send an empty user account?
How can we fix this?
Regards,
Dennis
The Netherlands