
AnyConnect on iPhone with Windows CA and 2951

adamtodd16
Level 3

Attempting to configure AnyConnect for iPhone for on demand access.

Have configured a Windows CA to provide the required certificates and have enrolled the 2951 with the CA.

Have not been able to get the configuration to work. Have gone through countless documents and spoken to TAC about the issue. Just wondering if anyone has any experience with a similar configuration? I'm not set on using the Windows server as the CA if there is an easier way.

1 Reply 1

Gustavo Medina
Cisco Employee

Hello Adam,

Unfortunately Cisco IOS routers do not support the Cisco AnyConnect Secure Mobility client for Apple iOS at this time.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/rn-ac3.0-iOS.html#wp1124492

It's on the roadmap though and tracked by CSCtx24822

Also regarding the On-Demand I wanted to point out that Apple has made some significant changes to their VPN On Demand framework with the release of Apple iOS 7:

  • Deprecated the use of the OnDemandMatchDomainsAlways plist key. Any domains contained within the "Always Connect" list will now be treated as if they were in the "Connect If Needed" domain list by the system.
  • The evaluation model of the ruleset has changed to support a dynamic number of rule types providing additional flexibility to the Administrator.
  • Additional Network Detection conditions, actions, as well as new tertiary rulesets on the domain matching rules.

In Apple iOS 5 and earlier, there was one type of matching rules, the domain-matching rules described in the relevant section. Apple iOS 6 introduced a new type, network detection rules, that acted whether to enable or disable the domain-matching rules as dictated by a set of conditions based upon the WiFi interface's network attributes. In Apple iOS 7 a similar concept remains, except that network detection rules take precedence where you can now define a VPN on Demand ruleset that does not use any domain-matching rules if you choose not to include them.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/user/guide/iphone-ugac-ios.html#wp188630

"Apple iOS 7 no longer supports Always Connect domains. When running AnyConnect on Apple iOS 7 devices, any domains listed as Always Connect will be treated as Connect if Needed domains."

-Gustavo Medina
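
Added example (not part of the thread, and not Cisco or Apple code): a Python sketch that audits a legacy VPN On Demand payload for the `OnDemandMatchDomainsAlways` downgrade described in the reply and rewrites the domain lists as an iOS 7 `OnDemandRules` array. The sample payload and domain names are constructed, and the key names other than `OnDemandMatchDomainsAlways` are assumed from Apple's configuration profile format.

```python
import plistlib

# Constructed sample: a legacy (pre-iOS 7) VPN payload fragment that uses the
# domain-list keys. All domain names are placeholders.
LEGACY_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>OnDemandEnabled</key><integer>1</integer>
  <key>OnDemandMatchDomainsAlways</key>
  <array><string>intranet.example.com</string></array>
  <key>OnDemandMatchDomainsOnRetry</key>
  <array><string>wiki.example.com</string></array>
  <key>OnDemandMatchDomainsNever</key>
  <array><string>public.example.com</string></array>
</dict></plist>"""

def effective_ios7_lists(payload):
    """Domain lists as iOS 7 evaluates them: 'Always Connect' entries are
    treated as 'Connect If Needed' (assumed key: OnDemandMatchDomainsOnRetry)."""
    always = list(payload.get("OnDemandMatchDomainsAlways", []))
    on_retry = list(payload.get("OnDemandMatchDomainsOnRetry", []))
    merged = list(dict.fromkeys(on_retry + always))  # de-duplicate, keep order
    return {"ConnectIfNeeded": merged,
            "NeverConnect": list(payload.get("OnDemandMatchDomainsNever", [])),
            "DowngradedFromAlways": always}

def to_on_demand_rules(payload):
    """Express the same domain intent as an iOS 7 OnDemandRules array."""
    eff = effective_ios7_lists(payload)
    params = [{"Domains": eff[action], "DomainAction": action}
              for action in ("NeverConnect", "ConnectIfNeeded") if eff[action]]
    if not params:
        return []
    return [{"Action": "EvaluateConnection", "ActionParameters": params}]

def migrate(xml_bytes):
    """Return (rewritten payload, domains that lost 'Always Connect' behaviour)."""
    payload = plistlib.loads(xml_bytes)
    out = {k: v for k, v in payload.items()
           if not k.startswith("OnDemandMatchDomains")}
    out["OnDemandRules"] = to_on_demand_rules(payload)
    return out, effective_ios7_lists(payload)["DowngradedFromAlways"]

if __name__ == "__main__":
    new_payload, downgraded = migrate(LEGACY_PAYLOAD)
    print("No longer 'Always Connect' on iOS 7:", downgraded)
    print(plistlib.dumps(new_payload).decode())
```

The list of downgraded domains is the part to review: any host that relied on the tunnel always being up is now reached over the VPN only under the "Connect If Needed" behaviour.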