AnyConnect Apple iOS - Transition to Apple's latest VPN framework (NetworkExtension)
On approximately June 14, 2017, we will begin the public transition away from Apple's deprecated iOS VPN framework (VPN Plugin), which AnyConnect currently uses, to Apple's current VPN framework (NetworkExtension). The new framework allows more reliable VPN connectivity and finally lets us officially support Per App VPN connectivity, not just for TCP applications but for UDP applications as well. Per App support requires EMM configuration.
Transition timeline and process -
Approximately June 14, 2017: an additional (new) AnyConnect application will appear in the App Store. This new application will be supported on iOS 10.x and later. We recommend always using the latest version of iOS 10.x or later, as Apple has provided bug fixes to improve the reliability of this newer framework.
App Store willing, the old application will be renamed to Cisco Legacy AnyConnect and will be rebranded with legacy branding in this same timeframe.
Phase out of legacy AnyConnect -
The legacy application (existing older AnyConnect) will only receive critical bug fixes going forward and will be phased out over an extended period of time. More details on the phase out timing will be announced at a later date.
Transition process -
Unfortunately, there is no way to automatically transition users from the old OS framework to the new framework. Users will need to download the newer AnyConnect application or have EMM push out the new AnyConnect application. The new application will need to be re-provisioned, whether manually or via EMM. This includes pushing down configuration and certificates (if applicable). To avoid confusion or conflicts, the old application should be removed from the endpoint.
EMM configuration -
EMM vendors must support VPNType (VPN), VPNSubType (com.cisco.anyconnect) and ProviderType (packet-tunnel). For integration with ISE, they must be able to pass the UniqueIdentifier to AnyConnect, since AnyConnect no longer has direct access to it in the new framework. Please consult your EMM vendor for how to set this up. Some may require this to be set up as a "custom" VPN type, and others may not have support available at release time.
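The check below is an added example, not Cisco's or any EMM vendor's code: it parses a configuration profile exported from an EMM and confirms the three values named above. It assumes the profile is an unsigned plist with its VPN payloads listed under `PayloadContent`, and it searches each payload for the keys at any nesting depth; both sample profiles are constructed.

```python
import plistlib

# Values the announcement says the EMM must send for the NetworkExtension app.
REQUIRED = {
    "VPNType": "VPN",
    "VPNSubType": "com.cisco.anyconnect",
    "ProviderType": "packet-tunnel",
}

def find_key(node, key):
    """Return the first value stored under `key` anywhere in a nested plist."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def check_profile(data: bytes):
    """Return a list of mismatches; an empty list means every VPN payload is correct."""
    profile = plistlib.loads(data)
    # Assumption: a VPN payload is any PayloadContent entry carrying a VPNType key.
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and "VPNType" in p]
    if not payloads:
        return ["no VPN payload found"]
    problems = []
    for i, payload in enumerate(payloads):
        for key, want in REQUIRED.items():
            got = find_key(payload, key)
            if got != want:
                problems.append(f"payload {i}: {key} is {got!r}, expected {want!r}")
    return problems

# Constructed sample profiles (hostnames and the wrong sub-type are placeholders).
GOOD = plistlib.dumps({"PayloadContent": [{
    "PayloadType": "com.apple.vpn.managed",
    "VPNType": "VPN", "VPNSubType": "com.cisco.anyconnect",
    "VPN": {"ProviderType": "packet-tunnel", "RemoteAddress": "vpn.example.com"}}]})
BAD = plistlib.dumps({"PayloadContent": [{
    "PayloadType": "com.apple.vpn.managed",
    "VPNType": "VPN", "VPNSubType": "com.example.other",
    "VPN": {"RemoteAddress": "vpn.example.com"}}]})

if __name__ == "__main__":
    print(check_profile(GOOD), check_profile(BAD), sep="\n")
```

A signed profile must be unwrapped to its plist before it is passed to `check_profile`.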