cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
891
Views
0
Helpful
1
Replies

Blocking access from iPhones to Cisco VPN/ASA

arathyram
Level 1
Level 1

Hi

Is it possible to recognize and block iphone userss (using IPSEC VPN Client) from accessing corporate VPN ? We have a typical setup of multple ASAs, cluster, for different types of groups. Corporate support is for desktops with installed cisco vpn client 5.x. We know the iphones have inherent cisco vpn client (or downloadable) that can be configured to act as a vpn client. Corporate is not ready to support it. But, wondering if there's any technical way to recognize and block it (i doubt .. but checking just in case).

ps.. i know for ssl we'll need the license for macOS. But, the above question is for ipsec vpn.

thx

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, you can block iPhone IPSec on the ASA.

Try to connect the iPhone to the ASA, then on the ASA check the exact client type and/or version from the following:

show vpn-sessiondb detail full filter name

The output would include the Client Type and Client version.

From the Client Type and Client version, you can block it from the group-policy configuration:

ASDM --> Configuration --> Remote Access --> Network (Client) Access --> Group Policies --> Advanced --> IPSEC Client --> Client Access Rules --> Add --> Action: Deny --> VPN Client Type: from the above output --> VPN Client Version: from the above output

Hope that helps.