
AnyConnect Mobile "VPN on Demand" with Apple Devices

Chellis Dodge
Level 1

Hello Everyone,

I've been challenged at work to provide a VPN solution that allows Apple users at home to auto-launch the Cisco AnyConnect client when they click on a specific URL with our domain name. I have found this guide http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/iphone-user/guide/iphone-anyconnect-ug-24.html#wp49157 and have followed it step by step. However, when I click on a link I receive an error on the iPad saying "The VPN connection requires an application to start up". Now I may be confused about what is needed as far as certificates to get this working; we have purchased an SSL certificate from GoDaddy.com and installed it on the 5505 ASA, which removed the certificate warning and untrusted VPN server prompts we were receiving. Using certificate based authentication with "VPN on Demand" do I have to have the entire CA/PKI infrastructure behind this and individual user certificates issued to each device?!

Here is some Background information

Cisco ASA 5505 using 9.0(1) Code

Cisco AnyConnect Mobile Client for iOS 5 (latest version from the store)

AnyConnect Essentials and Mobile Licensing installed, we can connect to the ASA if we launch the connection manually.

AnyConnect Mobile Client Settings

Description: RoamBI Serve

Server Address: basic3.XXX.com

Network Roaming: ON

Use Certificates: ON (We have an SSL cert from GoDaddy.com installed on the ASA)

Selected Certificate: None

Connect on Demand: ON

   Always Connect: blank

   Never Connect: blank

   Connect If Needed: XXX.com

1 Reply

anosaxen
Level 1

Hello Mr. Chellis,

Enabling the Apple iOS Connect On Demand Feature

The Apple iOS Connect On Demand feature enables the establishment of VPN connections specified in the Domain List without user interaction. All applications should be compatible with the Connect on Demand framework. However, it is not possible to prevent an application that makes a DNS request from potentially triggering a VPN connection. Connect on Demand supports only certificate authenticated connections (see Using Certificates).

Please refer to

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/iphone-user/guide/iphone-anyconnect-ug-24.html#wp54311

https://supportforums.cisco.com/thread/2132205

HTH

Anoop