In iOS 5 (both iPhone/iPad) Apple made some changes within the Cisco IPsec connection handling.
"In iOS 5, the signing of certificates with MD5 signatures is not supported. Please ensure that certificates use signature algorithms based on SHA1 or SHA2."
In versions 7.000 to 7.401 all certificates were generated with an MD5 algorithm. Since v 7.402 all certificates are using a SHA1 algorithm.
First seen in
Sophos IPSec Client
What to do
If you're still using older certificates with the MD5 algorithm, you must re-generate your Signing CA and your Server-Certificate which you're using for Cisco VPN.
- Re-generate your Signing CA (Remote Access / Certificate Management / Advanced)
CAUTION: The device and all user certificates will be regenerated with the new signing CA. This may break current Site-to-Site VPN and Roadwarrior connections.
- Create a new certificate for Cisco VPN (Remote Access / Certificate Management / Certificates).
- Choose this certificate in Remote Access / Cisco VPN Client / Global.
- Re-Download / Install the iOS Configuration File from the User Portal on your iPhone/iPad.