cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3677
Views
0
Helpful
1
Replies

AnyConnect Mobile "VPN on Demand" with Apple Devices

Chellis Dodge
Beginner
Beginner

Hello Everyone,

I've been challenged at work to provide a VPN solution that allows Apple users at home to auto-launch the Cisco AnyConnect client when they click on a specific URL with our domain name. I have found this guide http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/iphone-user/guide/iphone-anyconnect-ug-24.html#wp49157 and have followed it step by step. However, when I click on a link on I recieve an error on the iPad saying "The VPN connection requires an application to start up". Now I may be confused about what is needed as far as certificates to get this working, we have purchased a SSL certificate from GoDaddy.com and installed it on the 5505 ASA which removed the certificate warning and untrusted VPN server prompts we were recieving. Using certificate based authentication with "VPN on Demand" do I have to have the entire CA/PKI infrustrure behind this and individual user certificates issued to each device?!

Here is some Background information

Cisco ASA 5505 using 9.0(1) Code

Cisco AnyConnect Mobile Client for iOS 5 (latest version from the store)

AnyConnect Essentials and Mobile Licensing installed, we can connect the the ASA if we launch the connection Manually.

AnyConnect Mobile Client Settings

Description: RoamBI Serve

Server Address: basic3.XXX.com

Network Roaming: ON

Use Certificates: ON (We have a SSL cert from GoDaddy.com installed on the ASA)

Selected Certificate: None

Commect on Demand: ON

   Always Connect: blank

   Never Connect: blank

   Connect If Needed: XXX.com

1 REPLY 1

anosaxen
Beginner
Beginner

Hello Mr. Chellis,

Enabling the Apple iOS Connect On Demand Feature

The Apple iOS Connect On Demand feature enables the establishment of VPN connections specified in the Domain List  without user interaction. All applications should be compatible with  the Connect on Demand framework. However, it is not possible to prevent  an application that makes a DNS request from potentially triggering a  VPN connection. Connect on Demand supports only certificate  authenticated connections (see Using Certificates).

Please reffer to

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/iphone-user/guide/iphone-anyconnect-ug-24.html#wp54311

https://supportforums.cisco.com/thread/2132205

HTH

Anoop

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: