Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4140
Views
0
Helpful
5
Replies

Provision Cisco Anyconnect VPN App for Android

clouduser
Level 1
Level 1

‎10-11-2017 05:17 AM - edited ‎03-12-2019 04:37 AM

Hello,

 

We provision a VPN-profile for Anyconnect with Microsoft Intune (SCCM-Hybrid) MDM today for the AnyConnect VPN App.

On iOS, everything is automated. But when we provision the same profile for Android - it behaves differently. On the Android device I need to do these things:

- Change the setting External Control from 'Disabled' To 'Enabled'
- Import the certificate manually on the Connection (the connection is provisioned from Intune)

 

But the thing is, when I read the instructions here:

"AnyConnect Profile Editor, Mobile Settings Apple iOS / Android Settings Certificate Authentication—The Certificate Authentication policy attribute associated with a connection entry specifies how certificates are handled for this connection. Valid values are: Automatic—AnyConnect automatically chooses the client certificate with which to authenticate when making a connection. In this case, AnyConnect views all the installed certificates, disregards those certificates that are out of date, applies the certificate matching criteria defined in VPN client profile, and then authenticates using the certificate that matches the criteria. This happens every time the device user attempts to establish a VPN connection. Manual—AnyConnect searches for a certificate from the AnyConnect certificate store on the Android device when the profile is downloaded and does one of the following:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-mobile-devices.html#reference_85F4316468DD4B06ABB4BCD04878BDCE"

 

It should be able to be Automatic? Is this something which is expected from the Android operating system? Intune also has support for "Custom XML" for this VPN-profile but i can't find any documentation regarind what parameters is supported for the Cisco AnyConnect-profile. Where can I find this documentation? Or is it even supported?

6 people had this problem
Labels:
0 Helpful
5 Replies 5

Stitjen
Level 1
Level 1

‎01-08-2019 02:13 AM

Did you find a solution for this problem?

0 Helpful

peter conrad
Level 1
Level 1
In response to Stitjen

‎10-29-2019 06:49 AM

I'm having the same issue as well, any progress?

0 Helpful

corycandia
Level 1
Level 1

‎01-23-2020 10:07 AM

Bumping this again.  Any resolution?  I can't tell if it's a limitation of the Cisco App, or Microsoft's Intune.  Who needs to do the fix?

0 Helpful

BNCBNC83
Level 1
Level 1

‎10-04-2022 09:49 AM

@corycandiadid you find a solution ?

0 Helpful

corycandia
Level 1
Level 1
In response to BNCBNC83

‎10-12-2022 11:54 AM

Sorry, no.  I was sitting back and waiting for development to catch up.  I havent tested since posting this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents