Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 12015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iPhone Cisco VPN /Couldn't validate Server certificate

keamas
Hi,
I configured the Cisco VPN option on my Sophos UTM Firewall.
When I connect with my Windows Cisco VPN Client from remote, everything works great.

But when I try it with my iPhone 5 Firmware 6.1.3 I get the message:
VPN Connection: Could not validate the server certificate.

Here are the settings:
Global:
Interface: External WAN
Server certificate: Local X509 Cert
Pool Network: VPN Pool (Cisco)
Local Networks: Any
User and Groups: Users

IOS Settings:
Connection name: VPN (IPsec)
Override hostname: vpn.test.dyndns.org


This thread was automatically locked due to age.
Parents
  • 0
    79.125.21.244 is an Astaro V8 Up2Date server - probably a coincidence that it happened while you were watching 443.

    So, it looks like port 443 traffic is allowed out, but not in...

    If I switch the user portal to port 443 I see no traffic;

    tcpdump -n -i eth1 port 443
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes

    We must conclude that the traffic is being filtered out before it reaches the UTM.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    so maybe it is because of the telecom router before the Sophos UTM.

    I put the sophos UTM IP as a DMZ IP into the telecom router.
    Maybe it is possible to forward the port 443 to the sophos utm on the telecom router or what do you suggest ?
Reply
  • 0 in reply to BAlfson
    so maybe it is because of the telecom router before the Sophos UTM.

    I put the sophos UTM IP as a DMZ IP into the telecom router.
    Maybe it is possible to forward the port 443 to the sophos utm on the telecom router or what do you suggest ?
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?