I have an iPad running iOS 6 that when connected to my corporate wireless is able to connect to both the Presence and CUCM servers. All functionality works at this point.
When I attempt to connect outside of my corporate wireless I am having problems. I connect through AnyConnect to my corporate network. When I start Jabber for iPad it will connect to my Presence server but not to my CUCM cluster. Both the CUCM cluster and the Presence server are in the same subnet and that is allowed through the split tunnel. If I monitor the traffic I can see it send traffic to Presence over the VPN pool address but traffic over TCP 5060 to the CUCM cluster is attempting to use the outside address of the iPad and is getting blocked by our firewall. The only way that I have successfully connected is using a full tunnel instead of a split tunnel for traffic to our site but we do not want to tunnel all user traffic, just the information we care about.
I have attempted to setup the ondemand VPN field as well as the SecureConnect with no luck at all.
As another note, we use the same VPN tunnels for our PCs and they are able to communicate with no problems, just the iPad will not.
CUCM - 8.6.2
Presence - 8.5.2
ASA 5550 - 8.4.1
The iPad is connecting through a standard at home wireless or the built-in 3G service. So I do not have the ability to create a route on those devices.
Have you found a solution to this problem yet? We are having the exact same issue. I use the same group policy, split-tunnel, etc for both the iPad VPN and the PCs. Jabber for windows works great over VPN, but the iPad will only connect to the Presence server. It won't register to the CUCM. I did a packet capture off of the ASA and can see it downloading the config file for the phone over 6970. After it's downloaded, that's the end of the communication with the CUCM. From the ASA, it never attempts to register.
Unfortunately I have not been able to get a split tunnel to work at all with the iPad. The communication to the Presence server occurs over the VPN tunnel but CUCM traffic is going over the outside IP address and not the tunnel. I switched all iPad groups to full tunnels and that works but they are obviously slower tunnelling all the traffic we don't care about. This started for us with iOS 5 but got worse with iOS 6. I had a few customers drop the iPad and go to Ultrabooks and have been much happier.
On my own little rant, it is extremely hard to say that the iPad is fit for business use when we have had so many issues with the VPN on it. I am hoping that Cisco starts working with Microsoft for some better Windows 8 support/applications. It would be nice to have that functionality on the Surface.
Sorry for the sidebar there. Just very frustrated with the iPads right now.
Same setup, same problems.
I went through Jabber logs and I've seen that Jabber is using physical IP address for SIP source and is not going into VPN tunnel. Jabber VPN settings do not have any effect
I thought I have something wrong in my config, but it looks like we are not alone ...