IPsec Connections over Cisco Client do not work on Apple's iOS 5

  • Article ID: 116217
  • Updated: 15 Oct 2012


In iOS 5 (both iPhone and iPad), Apple changed how Cisco IPsec connections are handled:

"In iOS 5, the signing of certificates with MD5 signatures is not supported. Please ensure that certificates use signature algorithms based on SHA1 or SHA2."

Source: http://developer.apple.com/library/ios/#releasenotes/General/RN-iOSSDK-5_0/_index.html

In versions 7.000 to 7.401, all certificates were generated with an MD5 algorithm. Since v7.402, all certificates use a SHA1 algorithm.

First seen in

Sophos IPSec Client

What to do

If you're still using older certificates with the MD5 algorithm, you must re-generate your Signing CA and the Server-Certificate that you use for Cisco VPN.

  1. Re-generate your Signing CA (Remote Access / Certificate Management / Advanced)
    CAUTION: The device and all user certificates will be regenerated with the new signing CA. This may break current Site-to-Site VPN and Roadwarrior connections.
  2. Create a new certificate for Cisco VPN (Remote Access / Certificate Management / Certificates).
  3. Choose this certificate in Remote Access / Cisco VPN Client / Global.
  4. Re-download and install the iOS Configuration File from the User Portal on your iPhone/iPad.

If you need more information or guidance, then please contact technical support.

