AnyConnect VPN - Future Features

Bo-Huei Lin
Cisco Employee

Hi there,

If you would make a feature recommendation to AnyConnect VPN (Either Desktop or Mobile platforms), what would it be?

Thanks,

2 Replies

Philip D'Ath
VIP Alumni

ASA Support - Excellent.  Don't mess with this too much.  Sometimes less is better.

IOS support - average.  Been big improvements in the last 24 months.

IOS IKEv2 support - poor.

Suite-B support on IOS - challenging and should only be attempted by the criminally insane.

* General drift, you need to do work on the IOS side.

One feature request - create an option for users to be able to import "profiles" (aka XML files), exactly like you can with the older Cisco IPSec VPN client.  Users should not have to navigate directories and copy and paste files just to get their VPN client working.

Don't do anything else until you have done the above.  I can't believe this "feature" does not exist already.

I would like to be able to use AnyConnect over IKEv2 to a standalone IOS box (not RADIUS) without having to use certificates on the client side, and without having to manually edit XML files.  IOS does not support EAP.  So you would need to support some other kind of authentication, or move an entire mountain and get local EAP support for "local" IOS accounts (this would actually make lots of other challenging things much easier that have nothing to do with AnyConnect).

Split tunnel support is one of the main reasons for using AnyConnect.  There are several IOS IKEv2 configurations that remove this feature (the router treats the AnyConnect client like a "generic" IKEv2 client - and if something is entirely Cisco proprietary then we should be able to keep our split tunnel support).

I would like to see AnyConnect support for SCEP and the IOS certificate server - just like there is for the ASA certificate server.  This would help a lot with IKEv2 certificate deployments.

Also please please please stop messing with the licencing system.  Especially on ASA.  Get rid of subscription based AnyConnect licencing on the ASA.  If customers wanted that they would buy Meraki.  I *much* preferred when there was just AnyConnect Essentials and AnyConnect premium licencing.

Not an AnyConnect issue, but I swear you need a degree to properly licence up an ASA now.  I hate it.  Someone in Cisco had a great idea and kept tweaking it and forgot that sometimes "less" is "more".

Better stop now before I end up ranting.  :-)

No Java dependency.