• Status: Solved
  • Priority: Medium
  • Security: Public

HOW TO: Disable XAUTH on iPhone Cisco IPSec

I'm trying to setup an openswan VPN for use with iPhone, IPSec and identity certificates. However, the iPhone is set to use Extended Authentication (XAUTH) and something is failing during that part of the transaction.

I don't need or want Extended Authentication for this connection. Using the RSA certificates is enough. But the iPhone seems to be permanently set to use XAUTH. And if it is set to use XAUTH, the server has to be as well.

Thanks!
0
Mike R.
Asked:
2 Solutions
 
Paranormastic (Cryptographic Engineer) Commented:
Have you disabled it on the VPN?

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_static_ipsec_peer.pdf

Example: crypto isakmp key %sharedkeystring% address 172.21.230.33 no-xauth

This is probably the forum with the most chatter about something resembling your issue:
https://discussions.apple.com/thread/2470820?start=30&tstart=0

I haven't read through it all, but a number of people mention adding in AES-128 into the cipher list, which I think from your earlier ticket you might not have had enabled.

Hope this helps...
0
 
Mike R. (Author) Commented:
Hey Paranormastic,

Thanks for the response. Unfortunately, when I disable it on the VPN gateway (server) I get a different error complaining that the initiator (the iPhone) wants XAUTH and we don't have it running.

0
 
Mike R. (Author) Commented:
I've requested that this question be deleted for the following reason:

No responses.
0
 
Mike R. (Author) Commented:
The answer was, the /etc/pam.d/pluto file was corrupt. I copied the /etc/pam.d/pop file to /etc/pam.d/pluto and life is good again :-)
0
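Following the resolution above (a corrupt /etc/pam.d/pluto), a structural check for a PAM service file, as an added example that is not part of the original thread. The function name `check_pam_file` is hypothetical; it checks line syntax only, not whether the named modules exist, and does not handle backslash line continuations.

```shell
# Added example: sanity-check a PAM service file such as /etc/pam.d/pluto.
# Returns 0 when every rule parses as "type control module [args]",
# 1 when the file is missing, empty, binary-damaged or malformed.
check_pam_file() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }

    # Bytes that are neither printable nor whitespace indicate a damaged file.
    n=$(LC_ALL=C tr -d '[:print:][:space:]' < "$f" | wc -c)
    [ "$n" -eq 0 ] || { echo "$f: contains non-text bytes" >&2; return 1; }

    awk -v f="$f" '
        function bad(msg) { printf "%s:%d: %s\n", f, NR, msg > "/dev/stderr"; errs++ }
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        $1 == "@include" {                           # Debian-style include
            if (NF != 2) bad("malformed @include"); else rules++
            next
        }
        {
            type = $1; sub(/^-/, "", type)           # leading "-" marks an optional module
            if (type !~ /^(auth|account|password|session)$/) {
                bad("unknown type: " $1); next
            }
            i = 2
            if ($2 ~ /^\[/) {                        # [value=action ...] control form
                while (i <= NF && $i !~ /\]$/) i++
            } else if ($2 !~ /^(required|requisite|sufficient|optional|include|substack)$/) {
                bad("unknown control: " $2); next
            }
            if (i >= NF) { bad("missing module or unclosed control"); next }
            rules++
        }
        END {
            if (rules == 0) { printf "%s: no rules found\n", f > "/dev/stderr"; errs++ }
            exit (errs ? 1 : 0)
        }
    ' "$f"
}
```

Run it as `check_pam_file /etc/pam.d/pluto` before restarting the IPsec service; a non-zero exit status with line-numbered messages on stderr points at the damaged entries.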
 
Paranormastic (Cryptographic Engineer) Commented:
Comment 36994285 should be marked as answer.  I think this has value and should not be deleted.
0
 
Mike R. (Author) Commented:
Points for trying. No one else even tried :-)

Thanks!
0
