Question : Problem: Iphone VPN

My company runs SBS 2008 and we have an "all in one" Cisco 871W (router,vpn...). We use the Cisco device for our VPN needs.
A few of my employees are starting to get Iphones and of course are wanting to set up their iphone to get their email via activesync or IMAP. I'm a bit concerned about them logging onto our server in an airport or hotel via wifi.
I've seen that you can set up a VPN connection on the Iphone... Is this a practical solution to ensure a secure connection to our email server? Can the VPN connection be "always on" ...At least for wifi use? It would be great if I could set this up on the Iphone so it automatically connected to the VPN without any user input. (Im the only young guy in the office, the rest of the guys are pushing 75 so the simpler, the better.)
We use self-signed certs and I noticed that the Iphone was able to connect to our exchange server without installing the cert...That kind of suprised and scared me...

Answer : Problem: Iphone VPN

There are two different issues here. One is encryption, which deals with the security of the connection against eavesdropping. The second is verification, which concerns whether the server you have connected to is the one you think you have connected to.

If you are using a self-signed certificate, you need to authorise the certificate to confirm that the server you have connected to is the one you mean to connect to. This can either be by already having a copy of the certificate, or by accepting the certificate that you are given the first time you connect.

However, in either of these two situations, you will have an encrypted connection to the server. What I suspect happened is that when the users first connected to the mail server, an alert popped up stating that the certificate was not signed by a certifcate authority, and did the user wish to continue. They clicked yes, and the iPhone then used that certificate for the encryption of the data.

In either case, assuming you have SSL turned on, the data will be secure as far as anyone eavesdropping is concerned.

Cheers,

Joel

Random Solutions

Problem: Need to boot up using a SATA CD drive into DOS environment

Problem: iPhone - Wireless Network Selection

Problem: I need to extend wireless range of Netgear DG834GT router

Problem: Apple, Airport Extreme how to connect to remote office microsoft small business server

Problem: Home folders not mapping for everyone on Windows 2003 terminal server

Problem: ATI RADEON 9700PRO OR GIGABYTE GV-R9700 PRO

Problem: Backups to two servers

Problem: Flash Disk cannot open Word document properly

Problem: how to configure Cisco Access point

Problem: emachine t2672 won't power up