How to make iPhone Cisco VPN client work with ASA with certificate authentication

Tags: certificate, cisco-vpn, iphone, ipsec, vpn

I have an ASA that's providing IPsec VPN services using certificate authentication (no xauth, just the certs). It works perfectly with the Cisco IPsec VPN Client. Now I'm trying to let iPhones connect.

I've installed the CA cert and a client certificate on the iPhone with a profile using iPCU, along with the VPN configuration. Then connecting gives the error "Could not validate the server certificate". Additionally, the ASA logs the error "Received encrypted Oakley Informational packet with invalid payloads".

FWIW, I receive the same invalid payload error when trying to use the Snow Leopard IPsec client to connect.

Has anyone successfully gotten the iPhone IPsec client to work with certificate auth?

Best Answer

To expand upon Simon's answer, the iPhone requires that the subjectAltName of the VPN server's certificate match either the hostname (it will check through DNS) or the IP address of the server to which you're trying to connect. If this does not match, you will get the "Could not validate server certificate" error. I was having this same problem and it took me hours to discover that extra proprietary bit.
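An added pre-deployment check (my own Python, not code from the answer, Cisco or Apple) that applies the rule above to the subjectAltName text printed by `openssl x509 -in asa.crt -noout -ext subjectAltName`: the server value entered in the iPhone VPN profile must appear as a DNS entry (if it is a hostname) or an IP Address entry (if it is an address) in the ASA's identity certificate. The SAN samples are constructed, and the check does exact matching only, with no DNS resolution.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample: SAN extension of an ASA identity certificate, in the
# text form printed by "openssl x509 -noout -ext subjectAltName".
SAN_WITH_DNS_AND_IP = """X509v3 Subject Alternative Name:
    DNS:vpn.example.com, IP Address:192.0.2.1"""

# Constructed sample: a certificate that carries only a DNS name. A profile
# that points at the ASA by IP address will fail against this one.
SAN_DNS_ONLY = """X509v3 Subject Alternative Name:
    DNS:vpn.example.com"""


def parse_san(text: str) -> List[Tuple[str, str]]:
    """Return (kind, value) pairs, e.g. ("dns", "vpn.example.com"),
    from openssl's subjectAltName output. Kinds are lower-cased."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("X509v3"):
            continue  # skip the extension header line
        for item in line.split(","):
            # partition on the first ':' only, so IPv6 values stay intact
            kind, _, value = item.strip().partition(":")
            entries.append((kind.strip().lower(), value.strip()))
    return entries


def san_matches_server(san_text: str, server: str) -> bool:
    """Apply the iPhone rule: the profile's server value must be present in
    the SAN. An IP literal only matches an "IP Address" entry; a hostname
    only matches a "DNS" entry (compared case-insensitively, trailing dot
    ignored). A certificate with no matching SAN entry fails."""
    entries = parse_san(san_text)
    try:
        wanted_ip = ipaddress.ip_address(server)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        for kind, value in entries:
            if kind == "ip address":
                try:
                    if ipaddress.ip_address(value) == wanted_ip:
                        return True
                except ValueError:
                    continue  # malformed entry, ignore it
        return False
    host = server.rstrip(".").lower()
    return any(kind == "dns" and value.rstrip(".").lower() == host
               for kind, value in entries)
```

Run this against the SAN of the certificate the ASA actually presents and the exact server string in the iPCU profile before pushing the profile to devices.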