IKEv2 on iOS 12

New Contributor

Hello Everyone...

We're on a trial for Pulse Secure seeing if it will work for us, and we're having some irritating issues with IKEv2 and iOS.

We don't want to use the Pulse Secure app on the phones, we just want to use the native VPN connection.

After running through the instructions listed in KB40431 and KB21321, we're still not getting a connection.

Created the PCS Local Auth Server (MS-CHAP-Local Auth) and made sure that passwords were stored as clear text. Created our test user in that auth server. Created a new user realm (IKEv2) and set the new local auth server for the authentication, and created the role mapping for the rule to map to the user role. Mapped the ports in the IKEv2 and checked to make sure the VPN was checked in the user role.

When we try and connect on the iOS device, it says 'User Authentication Failed.' I check the log files, and there is nothing listed for attempted authentication, failed authentication, nothing.

I can't provide log files because it's not even seeing the connections. I have the ports forwarded in the router, and the router logs are showing the connection coming through and being forwarded to the right IP address, just nothing is happening.

Thoughts? I Google'd around a little bit, and couldn't find anything, and looked around on these forums, couldn't find anything either. Hopefully this is the right forum for this (Mobile Client) since I'm having issues with iOS.

Thanks.

3 REPLIES
New Contributor

Re: IKEv2 on iOS 12

Well; I guess we'll take our business elsewhere.

No one here seems to have an answer, and we're not receiving any assistance from support.

Thanks for wasting our time.

Ray
Contributor

Re: IKEv2 on iOS 12

@Squeaky,

To make the IKEv2 connection work on iOS, the list below should be fulfilled:

--- You have the authentication, profile and basic settings in place, I believe.
--- The VPN identity certificate chain should be complete and trusted by a public CA.
--- The certificate should have a SAN name that matches the IKEv2 profile in iOS.
--- Connection profiles should have the ESP transport policy set to any available SHA suites.
--- You should use the FQDN of the VPN server in the iOS IKEv2 profile.

What is the behavior that you're experiencing when you're connecting to IKEv2? If you take a TCP dump on the external port while attempting, are you seeing the UDP-500 and UDP-4500 packets reaching the VPN?
Moderator

Re: IKEv2 on iOS 12

What is the router fronting the system?
Does the router show the packets going through to the PCS? Does the PCS show the packets being received? Do other clients connect successfully?
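
Added example (not part of any post in this thread, and not Pulse Secure code): one way to answer the capture questions asked in the replies above is to classify the UDP 500/4500 payloads seen on the gateway's external port by their IKEv2 header (RFC 7296) and report how far the exchange got. The function names and the sample packets are constructed for illustration, and the sketch assumes the `(source port, destination port, UDP payload)` tuples have already been extracted from the capture.

```python
import struct

# IKEv2 fixed header, RFC 7296 section 3.1 (28 bytes):
# initiator SPI, responder SPI, next payload, version, exchange, flags, msg id, length
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify(sport, dport, payload):
    """Label one UDP payload captured on the gateway's external port."""
    if 4500 in (sport, dport):
        if payload == b"\xff":
            return "NAT-keepalive"
        if payload[:4] != b"\x00" * 4:
            return "ESP-in-UDP"          # a non-zero first word is an ESP SPI
        payload = payload[4:]            # strip the 4-byte non-ESP marker
    elif 500 not in (sport, dport):
        return "other"
    if len(payload) < IKE_HDR.size:
        return "truncated"
    _, _, _, version, exch, flags, _, _ = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2:
        return "not-IKEv2"
    kind = "response" if flags & 0x20 else "request"   # R (response) flag
    return f"{EXCHANGES.get(exch, exch)} {kind}"

def diagnose(packets):
    """packets: iterable of (sport, dport, udp_payload) tuples."""
    seen = {classify(*p) for p in packets}
    if "IKE_SA_INIT request" not in seen:
        return "no IKE_SA_INIT reached this interface"
    if "IKE_SA_INIT response" not in seen:
        return "IKE_SA_INIT arrives but the gateway never answers"
    if "IKE_AUTH request" not in seen:
        # After NAT detection the client continues on UDP 4500.
        return "IKE_SA_INIT answered but no IKE_AUTH arrived"
    if "IKE_AUTH response" not in seen:
        return "IKE_AUTH arrives but the gateway never answers"
    return "IKE_AUTH answered: failure is at the authentication stage"

def ike(exch, response=False, natt=False):
    """Build a constructed, header-only IKEv2 message for the sample data."""
    flags = 0x20 if response else 0x08   # R flag, or I (initiator) flag
    hdr = IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x20, exch, flags, 0, 28)
    return (b"\x00" * 4 if natt else b"") + hdr

# Constructed capture: the UDP 500 exchange completes, nothing follows on 4500.
SAMPLE = [(51000, 500, ike(34)), (500, 51000, ike(34, response=True))]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
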