I've been challenged at work to provide a VPN solution that allows Apple users at home to auto-launch the Cisco AnyConnect client when they click on a specific URL with our domain name. I have found this guide http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/iphone-user/guide/iphone-anyconnect-ug-24.html#wp49157 and have followed it step by step. However, when I click on a link on I recieve an error on the iPad saying "The VPN connection requires an application to start up". Now I may be confused about what is needed as far as certificates to get this working, we have purchased a SSL certificate from GoDaddy.com and installed it on the 5505 ASA which removed the certificate warning and untrusted VPN server prompts we were recieving. Using certificate based authentication with "VPN on Demand" do I have to have the entire CA/PKI infrustrure behind this and individual user certificates issued to each device?!
Here is some Background information
Cisco ASA 5505 using 9.0(1) Code
Cisco AnyConnect Mobile Client for iOS 5 (latest version from the store)
AnyConnect Essentials and Mobile Licensing installed, we can connect the the ASA if we launch the connection Manually.
AnyConnect Mobile Client Settings
Description: RoamBI Serve
Server Address: basic3.XXX.com
Network Roaming: ON
Use Certificates: ON (We have a SSL cert from GoDaddy.com installed on the ASA)
The Apple iOS Connect On Demand feature enables the establishment of VPN connections specified in the Domain List without user interaction. All applications should be compatible with the Connect on Demand framework. However, it is not possible to prevent an application that makes a DNS request from potentially triggering a VPN connection. Connect on Demand supports only certificate authenticated connections (see Using Certificates).