AnyConnect on iPad - Page 2

sbacklund · ‎09-10-2010

I have heard that AnyConnect may be avaialable for iPad

at some point. Any idea as to when?

miannuzzi · ‎01-12-2011

Todd,

Based on the previous comments, please confirm the following is accurate with regards to licensing on the ASA, for AnyConnect support for the IPAD.

You will need an AnyConnect Essentials (or Premium license) - ASA-AC-E-55xx (xx=model number of ASA).

You will need an AnyConenct Mobile License - ASA-AC-M-55xx (xx=model number of ASA).

You will need a SSL VPN Peer license for the max number of concurrent AnyConnect connections you want to support - ASA5505-SSLXX-K9 (xx=number of concurrent users 10, 25, 50, 100, 250, etc.).

If you have a redundant pair of ASAs running 8.2 or below, you will have to purchase two sets of the licenses listed above, one set for each ASA.

If you have a redundant pair of ASAs running 8.3 or above, you only have to purchase one set of the licenses listed above.

What does the Anyconnect Premium license do for you?

Is there a document on the CCO that has all of this information , or is this information from many different documents?

Thanks. -Mark

Todd Pula · ‎01-12-2011

Please find the following excerpt from the ASA feature license doc below. A premium license will enable all WebVPN features including AnyConnect, clientless, and CSD while an essentials license will only enable AnyConnect remote access.

Premium License Features:

• Premium capabilities, including clientless Secure Sockets Layer (SSL) VPN, Cisco AnyConnect Secure Mobility, Cisco Secure Desktop (Host Scan and Vault), and Cisco AnyConnect Secure Mobility client connectivity; optionally provides full tunneling access to enterprise applications

AnyConnect Essentials Features:

• Cisco AnyConnect Secure Mobility client connectivity without clientless SSL VPN and Cisco Secure Desktop capabilities

• Cisco AnyConnect Secure Mobility capabilities that may be used in conjunction with a licensed Cisco IronPort™ Web Security Appliance

• Full tunneling access to enterprise applications

http://www.cisco.com/en/US/customer/prod/collateral/vpndevc/ps6032/ps6094/ps6120/overview_c78-527488.html

miannuzzi · ‎01-12-2011

So is the summary I provided in my last post accurate for a non-Premium setup?

Thanks. -Mark

thiland · ‎04-06-2011

Here is another thread that helps answer some of the AnyConnect Mobility questions:

Cisco AnyConnect 3.0 Licensing for Mobile Devices

https://www.myciscocommunity.com/message/60991#60991

Jeff Thompson · ‎04-07-2011

Todd - I am little confused on how you can tell that Matt has the AnyConnect Premium Licence installed and only needs the AnyConnect mobile licence.

I am in the process of upgrading our ASA to accommodate the Anyconnect features for the iphone/ipad's in our organization and I just need to verify exactly what licenses I need. I know I need the mobile license, upgrade the IOS, but given what's listed below in my license snippet, I am covered for the AnyConnect SSL connectivity.

Thanks,

~Jeff

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 250

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled Advanced Endpoint Assessment : Disabled

UC Proxy Sessions : 2

Todd Pula · ‎04-07-2011

Based on the snippet you have provided, it looks like you will just need to add the AnyConnect Mobile feature license to enable support for iPhone/iPad connectivity. In the more recent 8.x code versions, the "show version" output spells out the installed licensing more clearly including whether AnyConnect Essentials is enabled/disabled. If you were to have AnyConnect Essentials enabled, you would have something in your running configuration that looked like the output below.

webvpn
   anyconnect-essentials

Todd

Jeff Thompson · ‎04-07-2011

Thanks for the quick response Todd. Currently we are running v8.0(4) and will be upgrading to the latest 8.4 soon. So would be limited to the number of sessions base on the output of the 'WebVPN Peers: 250" Also, once the upgrade is in place and the mobile connect license in place, we would be set for AnyConnect on any device listed in the support docs. (ie, Windows 7, Mac OS 10.5, Ubuntu ect...)

davidcjmerry · ‎04-07-2012

So I am also looking to use an ipad with an ASA5510 (V8_2_1) and from what I can make out from reading the Internet and the Anyconnect Admin Guide and other Release Notes etc. I have 2x potential options;

1) Install Version 8_4 and that allows me to use clientless SSL VPN

2) Install a client on the iPad from iTunes (Cisco Anyconnect Client (2.5.5112)) which should be compatible with Ver8_0_x

The first problem is that I need more memory to run 8_4 so I can't do that in the immediate future.

So what I am trying to get clear is in order to use the Anyconnect client what do I have to do?

I think I need to;

Install the Anyconnect client on the iPad
Install the Anyconnect client on the ASA
Install an Anyconnect Essentials license on the ASA
Install an Anyconnect Mobile License on the ASA
Configure an Anyconnect profile on the ASA

The bit that is confusing me is that when I try and configure an Anyconnect profile the ASA insists I upload a client first and when I try and find a downloadable iPad / iPhone Anyconnect client I can't find one on Cisco.com

Any thoughts?

rohaverm · ‎04-07-2012

Anyconnect for IPAD

http://itunes.apple.com/us/app/cisco-anyconnect/id392790924?mt=8

RV

davidcjmerry · ‎04-07-2012

Hi Rohan

Thanks

I have the file in itunes and on my ipad but how do I get the file onto the ASA?

I mean when I open the URL you sent I cant see a way to get the raw file without using the apple DRM based software.

Cheers

lcaruso · ‎07-10-2012

Do you know if the app can be used on ipads to connect to wireless networks as it can with the deskop/laptop version?

Tarik Admani · ‎07-10-2012

Hi,

No the app for the iOS and even on the macbook do not have network access manager module that the desktop/laptop version has. You will have to use the native supplicant in order to connect to the wireless network.

Hope this helps.

Thanks,

Tarik Admani

lcaruso · ‎07-11-2012

Thanks for your reply. What a dissappointment. I wonder if they are working on that.

lcaruso · ‎07-11-2012

Don't have an iPad to test with yet.

Do you know if the iPad supplicant does the requisite 802.1x necessary for backend AD authentication?

I think local EAP-FAST is required for LDAP back end.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Tarik Admani · ‎07-11-2012

Yes it does, when you connect to the network it should automatically ask you for your username and password. However the network or the ssid in the case will have to be set properly.