Apple iPhone Enterprise-ready with Cisco VPN

March 7, 2008 - 18 Comments

Today at Apple’s Headquarters in Cupertino, CA, Apple’s CEO Steve Jobs and SVP of Marketing Phil Schiller announced new iPhone software 2.0, which will be released in June 2008 and will incorporate enterprise security features such as Cisco IPsec VPN and email/contact/calendar sync with Microsoft Exchange. This announcement is a testament to the growing trend of people around the world who are becoming more connected and collaborative in every aspect of their lives, including at work. We, of course, are pleased that Apple recognized Cisco’s leadership in enterprise security by incorporating our Cisco VPN technology into their new iPhone software release.

While sitting in the audience, I couldn’t help but think that something wonderful was happening: the convergence of devices (iPhone), applications (Microsoft Exchange) and the platform, or network, (Cisco). We’re all working together to transform how we collaborate at work. Can wait to see what comes next!

(Apple photo of Phil Schiller)

You can view the video of the presentation at Apple here.

Post by Pamela Ferrill, Cisco PR Manager



  1. Dear sir, madam, I have configured my iPhone to connect to my PIX through VPN. At first the first phrase wouldn’t succeed. But I read this ( ) and that’s now not really the problem (too strong pw). When I let the iPhone connect I see a popup ‘Enter User Authentication’; if I choose OK, it’s gone (I have the Dutch version). If I look at the syslog I see this: Authentication failed for user ” It looks like the iPhone sends an empty user account? How can we fix this? Regards, Dennis, The Netherlands

  2. Hi Ananthu, Are any applications functioning or just not telnet/SSH? I am able to successfully use Touchterm (SSH) over my iPhone VPN connection. If you are not able to use any application you may want to consider opening up a case with the TAC to troubleshoot. The first thing to try would be to ensure that your normal Cisco VPN Client can connect and pass traffic to the same group on your ASA. Apple has additional links to information off of the following link as well:

  3. I have the same issue. My VPN connection is all successful, I get an IP address assigned. Now, if I try the ssh or telnet to connect to any machine, it times out. – AK If anyone finds a solution, please let me know, thanks.

  4. I installed the Cisco VPN module onto my Touch (v2.1) last week and was up and running without any problems. Also added the Exchange module too, and now I can read email as well. Problems that I have been experiencing is the SSH over VPN – it times out.

  5. My experience has been that I was able to connect to the VPN on OS 2.0.1, but after connecting, the device never seemed to try IP resolution on the VPN first. It would always try out on the internet first. It is also my experience as described above that there was no hope in using DNS names. I upgraded to OS 2.1 now. After doing that, the VPN doesn’t connect at all. It just tries and tries to connect and after about 5 to 10 minutes (all a matter of how patient I am) I manually cancel the attempt. I’ll be the first to admit I am not an expert. But I think and would have to agree that this client doesn’t appear to be robust. I am disappointed, I have always before had good results with Cisco. I have hope that will get something eventually that will work.

  6. Yeah.. It doesn’t support FORTIGATE 200A. Which VPN client to use on iPhone? Sharat

  7. If this is a VPN client for Cisco’s ASA devices, then why does the configuration screen not ask the same questions as the VPN client on the Mac? I can’t configure it the same way because the iPhone’s VPN client does not have the same options to select and/or fill in. It’s infuriating, like someone insists on speaking their own private language when in a room full of people who could not understand that language. The Cisco VPN client on the Mac asks the following: Connection Entry; Description; Host; Choose Group Authentication or Mutual Group Authentication (no equivalent on iPhone — we use Group); Name; Password. The iPhone’s IPSEC client asks these different questions: Description; Server (good so far); Account (which is the equivalent of WHAT?); Password (good); Group Name (so this is the same as NAME — then what is ACCOUNT?); Secret (WHAT?)

  8. I can’t get this to work. All I see is people having problems in the forum. This does not work!!!! It is NOT "Enterprise-ready".

  9. the iPhone IS NOT ENTERPRISE READY. Most configurations will not work with the Cisco VPN client, even though they claim they support Cisco VPNs. They only support connecting to certain Cisco hardware and OS versions, and not the majority of them.

  10. I am getting the same issue as CV. It says "connected" but there are no error messages on the iPhone. I see similar messages in the IOS logs.

  11. It only connects to an ASA or PIX. It does not connect to an IOS VPN router or a 3000 concentrator. What could possibly be the reason behind that? When I first read it supports Cisco VPN I thought I could connect to my IOS router. The client on the iPhone even says it is connected, but nothing is going through the tunnel. Only when you check the debug logs on the router you’ll notice some errors like "IPSec policy invalidated proposal with error 32" and eventually a "NOTIFY PROPOSAL_NOT_CHOSEN"…

  12. havard: I’m having similar problems… On iPhone Beta up to 5a240d, I was able to use the PIX-supplied DNS server just fine. Now, on the retail 3G hardware, I’m no longer able to use my internal DNS. The iPhone’s Cisco client simply ignores it and uses the iPhone’s WiFi (or 3G) connection’s supplied DNS.

  13. Has anyone got the Cisco IPSEC client on iPhone to work with Nortel Contivity VPN Server? We are getting errors about "No proposal chosen". None of the config changes we have done appear to work. Do we know what encryption/algorithm/proposal groups, etc. the client supports? Thanks! Kevin

  14. Why doesn’t the Cisco VPN client on iPhone receive and update the DNS settings? VPN into an internal network usually requires internal DNS servers.

  15. Too bad just like every other Cisco VPN client, with an upgrade in the OS, it has problems. Only this time it not only affects that device, but all clients attached. Very robust! "An unknown issue with the wireless VPN concentrator has caused it to stop talking to some of the VPN clients. As a result, these clients are not getting a response from any web sites they visit. Technicians are investigating this problem. – Updated Mon Jul 14 12:16:11 2008 by Jeffrey Uebele. The "unknown issue" has been traced to the behaviour of the new iPhone OS 2.0. We are advising iPhone users not to use the iPhone VPN client at the present time. This device has an issue that causes major problems for other wireless users." When will Cisco release a VPN client that doesn’t have 40 pages of release notes and is actually robust? When will Cisco program in the ability to detect when a system is going into standby and gracefully disconnect?

  16. It is not enterprise ready if it doesn’t work. Check out the Apple discussion groups under iPhone. There are no success stories yet, only problems.

  17. Well, I hope next up for the iPhone (the apple one 😉 ) is an official cisco sccp client, for integration with the Call Manager setup here. When that happens I can toss out the Nokia E61i I have, and just go with that new 3G iPhone from Apple :) sorry, rabid mac user here. 🙂

  18. quote: "Can wait to see what comes next!" i guess you mean you CAN’T wait.. ;-)