Question : Problem: iPhone VPN

My company runs SBS 2008 and we have an "all in one" Cisco 871W (router, VPN...). We use the Cisco device for our VPN needs.
A few of my employees are starting to get iPhones and of course are wanting to set up their iPhone to get their email via ActiveSync or IMAP. I'm a bit concerned about them logging onto our server in an airport or hotel via Wi-Fi.
I've seen that you can set up a VPN connection on the iPhone... Is this a practical solution to ensure a secure connection to our email server? Can the VPN connection be "always on"... at least for Wi-Fi use? It would be great if I could set this up on the iPhone so it automatically connected to the VPN without any user input. (I'm the only young guy in the office, the rest of the guys are pushing 75, so the simpler, the better.)
We use self-signed certs and I noticed that the iPhone was able to connect to our Exchange server without installing the cert... That kind of surprised and scared me...

Answer : Problem: iPhone VPN

There are two different issues here. One is encryption, which deals with the security of the connection against eavesdropping. The second is verification, which concerns whether the server you have connected to is the one you think you have connected to.

If you are using a self-signed certificate, you need to authorise the certificate to confirm that the server you have connected to is the one you mean to connect to. This can either be by already having a copy of the certificate, or by accepting the certificate that you are given the first time you connect.

However, in either of these two situations, you will have an encrypted connection to the server. What I suspect happened is that when the users first connected to the mail server, an alert popped up stating that the certificate was not signed by a certificate authority, and did the user wish to continue. They clicked yes, and the iPhone then used that certificate for the encryption of the data.

In either case, assuming you have SSL turned on, the data will be secure as far as anyone eavesdropping is concerned.

Cheers,

Joel
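
The two ways of accepting a self-signed certificate described in the answer (already holding a copy versus accepting whatever is presented on first connect), as an added Python example that is not part of the original answer. The host name, the `PinStore` class and the certificate byte strings are constructed for illustration; `fetch_server_cert_der` shows how the real bytes would be obtained.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

class PinStore:
    """Hypothetical per-host store of trusted self-signed cert fingerprints."""
    def __init__(self, preloaded=None):
        self._pins = dict(preloaded or {})

    def check(self, host: str, der: bytes, accept_first_use: bool = False) -> str:
        seen = fingerprint(der)
        pinned = self._pins.get(host)
        if pinned is None:
            if accept_first_use:          # the "click yes on the alert" path
                self._pins[host] = seen
                return "pinned-on-first-use"
            return "unknown"
        # Constant-time comparison of the stored and presented fingerprints.
        return "match" if hmac.compare_digest(pinned, seen) else "mismatch"

def fetch_server_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Live use: return the certificate the server presents, without CA checks."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE       # encryption still happens; identity is unchecked
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for DER certificate bytes (not real certificates).
OFFICE_CERT = b"constructed-der:mail.example.test:self-signed-A"
OTHER_CERT = b"constructed-der:mail.example.test:self-signed-B"

def demo():
    host = "mail.example.test"
    preloaded = PinStore({host: fingerprint(OFFICE_CERT)})  # copy installed in advance
    first_use = PinStore()                                  # nothing installed
    return [
        preloaded.check(host, OFFICE_CERT),                       # expected server
        preloaded.check(host, OTHER_CERT),                        # different cert is caught
        first_use.check(host, OTHER_CERT, accept_first_use=True), # whatever came first is trusted
        first_use.check(host, OFFICE_CERT),                       # office cert now mismatches
    ]

if __name__ == "__main__":
    print(demo())
```

With a pre-installed copy, a different certificate is flagged on the first connection; with accept-on-first-use, the result depends entirely on which certificate was presented the first time.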