To configure on Demand or other additional mobile settings for Anyconnect clients from the ASA, one can use the profile Editor to configure the settings by following the steps enumerated below:
However, if you are unable to find this option "Addition mobile-only settings" don't get too worried. Most likely what's happened is the version of Anyconnect package installed on the ASA is 2.5.x. While this is understandable since the iphone or ipad AC client version is also only 2.5.x., unforutnately this is also the reason behind you not being able to see the above option. This option was only integrated into the profile editor for AC 3.x packages. So if you were to install a 3.x Anyconnect package on your ASA, everything would work just fine.
Do I need to update clients on all devices then?
Now, you might be wondering, so does that mean I have to upgrade all my existing non-mobile clients to this version?? NOPE. ASA only requires that a 3.x package be installed in the ASA, not that it be in use by a client. So you can continue to use your existing client version, just add the 3.x client at the bottom of the list, by tweaking the order number in the command:
As long as this order no is greater than the other versions installed on the ASA, this version should never be used. You can do the same thing on ASDM by moving the packages up and down in the window shown below:
And voila... you know have the functionality of the 3.x profile editor without having to update your client versions. On a side note, it is definitely a good idea to consider moving to the 3.x code version.
Where do I download Ancyonnect client v 3.x from?
You can get the 3.x client from Cisco.com, however, unlike the 2.x clients, the 3.x client isn't called Anyconnect VPN client, instead it is called Anyconnect Secure Mobility Client:
I am trying to gain access to more attributes such as MacOS version since Apple may stop putting the version number in the User Agent field. I have JAMF as an MDM and already use it to validate compliance for VPN clients. I'm wondering if anyone has used ...
Hi there, I have been trying to implement DSCP filtering on a ASA 5506-X, using class maps. But have not been able to get it configured and working. It seems that the commands to do it are there, but looking at general DSCP filtering exam...
Hi Experts,We've Remote access VPN configured on ASA and authenticated by ISE with posture enabled. We've DC1 ASA which is never connected to DC2 ISE node and we'll be testing the failover connectivity. In Posture profile, we've server rules configured to...
Hi , My Question is regarding "Multiple Certificates per Node. One for Each Service" / Certs renewal Our current deployment consist of 6 ISE nodes => 2*PAN (Pri, Sec) , 2*Mnt (Pri, Sec) and 2*PSN (Pri, Sec), and we are using "Single Certifica...
Trying to setup Anyconnect with Azure AD SAML, using this guidehttps://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configure-asa-anyconnect-vpn-with-micros.html I am able to perform a succesfull single signon ...