Appendix A: Cisco VPN Server Configuration
Use these guidelines to configure your Cisco VPN server for
use with iPhone and iPod touch.
Authentication Methods
iPhone supports the following authentication methods:
• Pre-shared key IPsec authentication with user authentication via xauth.
• Client and server certificates for IPsec authentication with optional user authentication via xauth.
• Hybrid authentication where the server provides a certificate and the client provides a pre-shared key for IPsec authentication. User authentication is required via xauth.
• User authentication is provided via xauth and includes the following authentication methods:
  • User name with password
  • RSA SecurID
  • CryptoCard
Authentication Groups
The Cisco Unity protocol uses authentication groups to group users together based on
a common set of authentication and other parameters. You should create an
authentication group for iPhone and iPod touch users. For pre-shared key and hybrid
authentication, the group name must be configured on the device with the group’s
shared secret (pre-shared key) as the group password.
When using certificate authentication, no shared secret is used and the user’s group is
determined based on fields in the certificate. The Cisco server settings can be used to
map fields in a certificate to user groups.
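
The two group styles described above, as an added configuration sketch that is not part of the original guide. It assumes a Cisco ASA running software 8.4 or later (earlier releases spell some of these commands differently); every group, map and trustpoint name and the OU value are hypothetical, and the shared secret is a placeholder.

```cisco
! Added example, not from the original guide. Assumes Cisco ASA 8.4 or later.
! IPHONE-PSK, IPHONE-CERT, IPHONE-MAP, IPHONE-TP and the OU value "iPhone"
! are hypothetical names; <GROUP-SHARED-SECRET> is a placeholder.

! Pre-shared key group: the group name is entered on the device and the
! pre-shared key is the group password. Users still authenticate via xauth.
tunnel-group IPHONE-PSK type remote-access
tunnel-group IPHONE-PSK ipsec-attributes
 ikev1 pre-shared-key <GROUP-SHARED-SECRET>
 ikev1 user-authentication xauth

! Certificate group: no shared secret. The server presents the certificate
! from the trustpoint and selects the group from the client certificate.
tunnel-group IPHONE-CERT type remote-access
tunnel-group IPHONE-CERT ipsec-attributes
 ikev1 trust-point IPHONE-TP
 ikev1 user-authentication xauth

! Map client certificates whose subject OU equals "iPhone" to IPHONE-CERT.
crypto ca certificate map IPHONE-MAP 10
 subject-name attr ou eq iPhone
tunnel-group-map enable rules
tunnel-group-map IPHONE-MAP 10 IPHONE-CERT
```

Because every device in a pre-shared key group holds the same group password, the per-user xauth step is what distinguishes one user from another in that group.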