AnyConnect Apple iOS - Transition to Apple's latest VPN framework (NetworkExtension)
On approximately June 14, 2017, we will begin the public transition away from Apple's deprecated iOS VPN framework (VPN Plugin), which AnyConnect currently uses, to Apple's current VPN framework (NetworkExtension). The new framework allows for more reliable VPN connectivity and lets us finally officially support Per App VPN connectivity, not just for TCP applications but for UDP applications as well. Per App support requires EMM configuration.
Transition timeline and process -
Approximately June 14, 2017: an additional (new) AnyConnect application will appear in the App Store. This new application will be supported on iOS 10.x and later. We recommend always using the latest version of iOS 10.x or later, as Apple has provided bug fixes to improve the reliability of this newer framework.
App Store willing, the old application will be renamed to Cisco Legacy AnyConnect and will be rebranded with legacy branding in this same timeframe.
Phase out of legacy AnyConnect -
The legacy application (existing older AnyConnect) will only receive critical bug fixes going forward and will be phased out over an extended period of time. More details on the phase out timing will be announced at a later date.
Transition process -
Unfortunately there is no ability to automatically transition users from the old OS framework to the new framework. Users will need to download the newer AnyConnect application or have EMM push out the new AnyConnect application. The new application will need to be re-provisioned, whether manually or via EMM. This includes pushing down configuration and certificates (if applicable). To avoid confusion or conflicts, the old application should be removed from the endpoint.
EMM configuration -
EMM vendors must support VPNType (VPN), VPNSubType (com.cisco.anyconnect) and ProviderType (packet-tunnel). For integration with ISE, they must be able to pass the UniqueIdentifier to AnyConnect, since AnyConnect no longer has direct access to it in the new framework. Please consult your EMM vendor on how to set this up; some may require this to be set up as a "custom" VPN type, and others may not have support available at release time.
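The following is an added example, not Cisco's or any EMM vendor's code: a Python check that a configuration profile exported from an EMM carries the three values listed above. It assumes Apple's configuration-profile layout (payloads under PayloadContent, payload types com.apple.vpn.managed and com.apple.vpn.managed.applayer, ProviderType inside the payload's VPN dictionary); the sample profiles, the server name and the stale sub-type value are constructed.

```python
import plistlib

# Values the announcement says an EMM must be able to set.
REQUIRED_TOP = {"VPNType": "VPN", "VPNSubType": "com.cisco.anyconnect"}
REQUIRED_PROVIDER_TYPE = "packet-tunnel"
# Assumption: Apple's payload types for device-wide and Per App VPN.
VPN_PAYLOAD_TYPES = {"com.apple.vpn.managed", "com.apple.vpn.managed.applayer"}


def check_profile(data):
    """Return a list of problems found in the VPN payloads of a profile."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") in VPN_PAYLOAD_TYPES]
    if not payloads:
        return ["profile contains no VPN payload"]
    problems = []
    for p in payloads:
        name = p.get("PayloadDisplayName", "<unnamed payload>")
        for key, want in REQUIRED_TOP.items():
            if p.get(key) != want:
                problems.append(f"{name}: {key} is {p.get(key)!r}, expected {want!r}")
        # Assumption: ProviderType sits inside the payload's "VPN" dictionary.
        got = p.get("VPN", {}).get("ProviderType")
        if got != REQUIRED_PROVIDER_TYPE:
            problems.append(f"{name}: VPN.ProviderType is {got!r}, "
                            f"expected {REQUIRED_PROVIDER_TYPE!r}")
    return problems


def make_sample(sub_type, provider_type=None):
    """Build a constructed profile; vpn.example.com is a placeholder."""
    vpn = {"RemoteAddress": "vpn.example.com"}
    if provider_type is not None:
        vpn["ProviderType"] = provider_type
    payload = {"PayloadType": "com.apple.vpn.managed",
               "PayloadDisplayName": "Corp VPN",
               "VPNType": "VPN", "VPNSubType": sub_type, "VPN": vpn}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    for label, data in [("new", make_sample("com.cisco.anyconnect", "packet-tunnel")),
                        ("stale", make_sample("com.example.legacy-plugin"))]:
        print(label, check_profile(data) or "OK")
```

Running the check against each profile before it is pushed catches a payload that was cloned from the legacy app's configuration and still lacks the packet-tunnel provider type.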