HOW TO: Disable XAUTH on iPhone Cisco IPSec

Mike R.
I'm trying to set up an openswan VPN for use with iPhone, IPSec and identity certificates. However, the iPhone is set to use Extended Authentication (XAUTH) and something is failing during that part of the transaction.

I don't need or want Extended Authentication for this connection. Using the RSA certificates is enough. But the iPhone seems to be permanently set to use XAUTH. And if it is set to use XAUTH, the server has to be as well.

Thanks!
Paranormastic, Cryptographic Engineer

Commented:
Have you disabled it on the VPN?

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_static_ipsec_peer.pdf

Example: crypto isakmp key %sharedkeystring% address 172.21.230.33 no-xauth

This is probably the forum with the most chatter about something resembling your issue:
https://discussions.apple.com/thread/2470820?start=30&tstart=0

I haven't read through it all, but a number of people mention adding in AES-128 into the cipher list, which I think from your earlier ticket you might not have had enabled.

Hope this helps...

Author

Commented:
Hey Paranormastic,

Thanks for the response. Unfortunately, when I disable it on the VPN gateway (server) I get a different error complaining that the initiator (the iPhone) wants XAUTH and we don't have it running.

Author

Commented:
I've requested that this question be deleted for the following reason:

No responses.

Commented:
The answer was, the /etc/pam.d/pluto file was corrupt. I copied the /etc/pam.d/pop file to /etc/pam.d/pluto and life is good again :-)
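
A sanity check for the PAM service file named in the answer above, added here as an example and not part of the original thread. The thread does not say what "corrupt" meant in this case, so the checks (empty file, stray control bytes, malformed rule lines) are assumptions, and the function name `pam_lint` is hypothetical.

```shell
#!/bin/sh
# Added example: lint a PAM service file before pluto relies on it for XAUTH.
# Usage: pam_lint /etc/pam.d/pluto
# Prints each problem found; returns 0 if the file looks sane, 1 otherwise.
# Not handled: rules continued over several lines with a trailing backslash.
pam_lint() {
    file=$1
    [ -r "$file" ] || { echo "$file: missing or unreadable"; return 1; }
    [ -s "$file" ] || { echo "$file: empty"; return 1; }

    # Keep only control bytes (everything except tab, LF, CR) and count them.
    # Any hit means binary junk has ended up in a plain-text config file.
    junk=$(( $(LC_ALL=C tr -cd '\000-\010\013\014\016-\037\177' < "$file" | wc -c) ))
    if [ "$junk" -ne 0 ]; then
        echo "$file: $junk control byte(s) found"
        return 1
    fi

    # Each rule in /etc/pam.d/<service> is: type control module-path [args]
    awk '
      /^[ \t]*(#|$)/ { next }                  # comments and blank lines
      $1 == "@include" && NF == 2 { next }     # Debian-style include line
      {
        type = $1
        sub(/^-/, "", type)                    # leading "-": module may be absent
        ok = (type ~ /^(auth|account|password|session)$/) &&
             ($2 ~ /^(required|requisite|sufficient|optional|include|substack|\[.*)$/) &&
             (NF >= 3)
        if (!ok) { printf "%s:%d: bad rule: %s\n", FILENAME, NR, $0; bad = 1 }
      }
      END { exit bad }' "$file"
}
```

Run it against `/etc/pam.d/pluto` before and after replacing the file; a clean result only shows the file parses, not that the stack authenticates the way you intend.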
Paranormastic, Cryptographic Engineer
Commented:
Comment 36994285 should be marked as answer. I think this has value and should not be deleted.

Author

Commented:
Points for trying. No one else even tried :-)

Thanks!
