
Blocking access from iPhones to Cisco VPN/ASA



Is it possible to recognize and block iPhone users (using the IPsec VPN client) from accessing the corporate VPN? We have a typical setup of multiple ASAs, clustered, for different types of groups. Corporate support is for desktops with the Cisco VPN Client 5.x installed. We know iPhones have an inherent Cisco VPN client (or a downloadable one) that can be configured to act as a VPN client. Corporate is not ready to support it. But I'm wondering if there's any technical way to recognize and block it (I doubt it, but checking just in case).

P.S. I know for SSL we'll need the license for macOS. But the above question is for IPsec VPN.



Jennifer Halim
Cisco Employee

Yes, you can block iPhone IPSec on the ASA.

Try to connect the iPhone to the ASA, then on the ASA check the exact client type and/or version from the following:

show vpn-sessiondb detail full filter name

The output would include the Client Type and Client version.

From the Client Type and Client version, you can block it from the group-policy configuration:

ASDM --> Configuration --> Remote Access --> Network (Client) Access --> Group Policies --> Advanced --> IPSEC Client --> Client Access Rules --> Add --> Action: Deny --> VPN Client Type: from the above output --> VPN Client Version: from the above output

Hope that helps.
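
The CLI form of the ASDM steps in the reply above, as an added example that is not part of the original post. EXAMPLE-GP, the client type string and the version value are placeholders; take the real values from the session output on your own ASA. Once any client access rule exists, a client that matches no rule is denied, so the deny rule is followed by an explicit permit for everything else.

```cisco
! Added example. EXAMPLE-GP is a placeholder group-policy name.
group-policy EXAMPLE-GP attributes
 ! Lower priority numbers are evaluated first.
 ! Replace the quoted string with the exact Client Type shown for the
 ! iPhone session in the show vpn-sessiondb output; * matches any version.
 client-access-rule 1 deny type "<client-type-from-show-output>" version *
 ! Without this rule, every client that does not match rule 1 is
 ! also refused, including the supported desktop clients.
 client-access-rule 2 permit type * version *
```

Verify with a supported desktop client as well as the iPhone after applying the rules, since a mistyped type string in the deny rule leaves the iPhone matching the permit rule.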
