Per App VPN with AnyConnect 4 and iOS 9

joerg.ullrich · ‎09-25-2015

Hi guys,

I followed these guidelines for configuring the per app VPN function.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-mobile-devices.html#task_177BC18FC4BF453487767E48B3982508
(a simple wizard configuration runs without problems)

Unfortunately I get only an error message in the ASDM
Group <PerAppVpnGroupPolicy> User <abcdef> IP <109.xx.xx.xx> SVC Message: 16/ERROR: Per-App VPN Configuration received from secure gateway was invalid.

The messages in the client give me no additional information.

Question
- I can really do this without MDM?
- is there an alternative source /example for these configurations

mstraessle · ‎11-29-2015

Hi Joerg

Have you been able to get this running?

I followed this guide and get it run on iOS 8.3 and 9.x with ASA 9.4.2. It seams like you missed the correct BASE64 value to put into the group policy. What OS are you running? I worked with simple AppID (like com.citrix.ReceiveriPad) and calculated the Base64 hash using the App Selector Tool from cisco's donwload page.

We run this with MobileIron MDM. So far sucessful for simple Apps. But if we use Citrix, we get untill the login, which is wunderful, but are not sucessfull for the app to start. Any sucess on your side?

Marco

CCIEBret13 · ‎12-04-2015

I'm configuring per app VPN. I have configured everything including the BASE64 app information and our mobileiron admin has configured his end. We can't get the VPN to launch either with a simple web page hit nor the APP we have configured.

Any suggestion would be most appreciated.