The holdup is that AnyConnect will require a minimum of iOS 4.1 to operate. I have heard November 2010 for the iPad 4.x code release but that is just a guesstimate.
I can report that the iPhone AnyConnect client works on the latest iPad 4.2 beta release. It would be nice though to have a proper iPad app.
I've found the 'AnyConnect Mobile license' for sale, but I need to know if it's per iPhone or if it's per connection. ~$100/phone is pretty expensive!
Does anyone know if the 'AnyConnect Mobile license' can allow multiple iPhones to connect (at different times)?
The AnyConnect Mobile license will enable support for mobile devices such as the iPhone. Your sessions will be limited by the AnyConnect Essentials or AnyConnect Premium SSL license installed on the ASA.
Is that to say that I just have to buy 1 AnyConnect Mobile license and as long as I have enough SSL licenses I can connect as many iPhones/droids as I like?
P.S. Thanks for the quick reply on the last question!
That is correct. You will only buy one AnyConnect Mobile license for a standalone ASA. If you have a failover pair pre 8.3, you will need to have the same license installed on both ASAs. Post 8.3, the license is per cluster so you will only need one for the failover pair.
I have an 1801w router running "IOS C180X-ADVIPSERVICESK9-M, Version 12.4(24)T2" and I currently use AnyConnect (v2.4.0202) on my Windows and Linux clients without any issues.
I just upgraded my iPad OS and installed the AnyConnect client, but when I attempt to connect, it reports "The required license for this type of VPN client is not available on the headend device. Please contact your network administrator."
1) Is a license available for this IOS router, as for the ASA devices?
2) I also use Android client devices. Will a separate license on IOS be needed for that AnyConnect client when it becomes available too?
Below is the VPN package installed on the 1801w ISR. I believe the VPN license I purchased was a "paper" license (10 clients) and did not require installation on the 1801w if I recall correctly.
Windows & Linux clients work well, but I would like to support SSL VPN for the iPads (and eventually Android too).
Is this not possible with the 1801w ISR as the head-end device?
Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
cisco1801w#show webvpn install status svc
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC win2k+
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC Linux
If I should start a new thread for this topic, please just let me know.
AnyConnect for iPhone/iPad is not yet supported on IOS routers. The mobile client is only supported on ASAs as of the moment. AnyConnect is not yet supported on the Android platform.
Todd, thanks very much. I do hope that Cisco has plans to support AnyConnect for iPhone/iPad on IOS routers at some point. I suspect this is important to many SOHO users like me. Ditto for Android support.
Todd, I'm trying to ascertain what licenses I need to buy to get my iPads connecting to my ASA running 8.3. I have two questions, based on my config:
* What are the Cisco SKUs for the mobility licenses I need to buy?
* Are there any prerequisites for the mobility licenses? I've heard people talking about Essentials and IronPort, and am not sure if they are required first. Some of my licensing config is below. Hope this helps.
License: VPN Plus
AnyConnect Essentials: Disabled
Max Security Contexts: 2
Max Physical Interfaces: Unlimited
VPN DES: Enabled
VPN 3DES and AES: Enabled
Shared SSL VPN licensing: Disabled
The SKU for the AnyConnect Mobile license is L-ASA-AC-M-55XX=. You will substitute the XX for your particular ASA platform such as 5520. This license will enable the mobile feature, however, you will still need to have either an AnyConnect Essentials or AnyConnect Premium license installed to support SSL VPN functionality. Based on the license snippet you provided, I am assuming that you have the AnyConnect Premium license already installed and only need the Mobile feature license.
Based on the previous comments, please confirm the following is accurate with regards to licensing on the ASA, for AnyConnect support for the iPad.
You will need an AnyConnect Essentials (or Premium license) - ASA-AC-E-55xx (xx=model number of ASA).
You will need an AnyConnect Mobile License - ASA-AC-M-55xx (xx=model number of ASA).
You will need a SSL VPN Peer license for the max number of concurrent AnyConnect connections you want to support - ASA5505-SSLXX-K9 (xx=number of concurrent users 10, 25, 50, 100, 250, etc.).
If you have a redundant pair of ASAs running 8.2 or below, you will have to purchase two sets of the licenses listed above, one set for each ASA.
If you have a redundant pair of ASAs running 8.3 or above, you only have to purchase one set of the licenses listed above.
What does the AnyConnect Premium license do for you?
Is there a document on the CCO that has all of this information, or is this information from many different documents?
Please find the following excerpt from the ASA feature license doc below. A premium license will enable all WebVPN features including AnyConnect, clientless, and CSD while an essentials license will only enable AnyConnect remote access.
Premium License Features:
• Premium capabilities, including clientless Secure Sockets Layer (SSL) VPN, Cisco AnyConnect Secure Mobility, Cisco Secure Desktop (Host Scan and Vault), and Cisco AnyConnect Secure Mobility client connectivity; optionally provides full tunneling access to enterprise applications
AnyConnect Essentials Features:
Here is another thread that helps answer some of the AnyConnect Mobility questions:
Cisco AnyConnect 3.0 Licensing for Mobile Devices
Todd - I am a little confused on how you can tell that Matt has the AnyConnect Premium Licence installed and only needs the AnyConnect mobile licence.
I am in the process of upgrading our ASA to accommodate the AnyConnect features for the iPhones/iPads in our organization and I just need to verify exactly what licenses I need. I know I need the mobile license, upgrade the IOS, but given what's listed below in my license snippet, I am covered for the AnyConnect SSL connectivity.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 250
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
Based on the snippet you have provided, it looks like you will just need to add the AnyConnect Mobile feature license to enable support for iPhone/iPad connectivity. In the more recent 8.x code versions, the "show version" output spells out the installed licensing more clearly including whether AnyConnect Essentials is enabled/disabled. If you were to have AnyConnect Essentials enabled, you would have something in your running configuration that looked like the output below.
Thanks for the quick response, Todd. Currently we are running v8.0(4) and will be upgrading to the latest 8.4 soon. So we would be limited to the number of sessions based on the output of the 'WebVPN Peers: 250'. Also, once the upgrade is in place and the mobile connect license in place, we would be set for AnyConnect on any device listed in the support docs (i.e., Windows 7, Mac OS 10.5, Ubuntu, etc.).
So I am also looking to use an iPad with an ASA5510 (V8_2_1) and from what I can make out from reading the Internet and the AnyConnect Admin Guide and other Release Notes etc., I have 2x potential options:
1) Install Version 8_4 and that allows me to use clientless SSL VPN
2) Install a client on the iPad from iTunes (Cisco AnyConnect Client (2.5.5112)) which should be compatible with Ver8_0_x
The first problem is that I need more memory to run 8_4 so I can't do that in the immediate future.
So what I am trying to get clear is: in order to use the AnyConnect client, what do I have to do?
I think I need to:
The bit that is confusing me is that when I try and configure an AnyConnect profile the ASA insists I upload a client first, and when I try and find a downloadable iPad / iPhone AnyConnect client I can't find one on Cisco.com.
I have the file in iTunes and on my iPad but how do I get the file onto the ASA?
I mean when I open the URL you sent I can't see a way to get the raw file without using the Apple DRM based software.
No, the app for iOS, and even on the MacBook, does not have the Network Access Manager module that the desktop/laptop version has. You will have to use the native supplicant in order to connect to the wireless network.
Hope this helps.
Don't have an iPad to test with yet.
Do you know if the iPad supplicant does the requisite 802.1x necessary for backend AD authentication?
I think local EAP-FAST is required for LDAP back end.
Yes it does; when you connect to the network it should automatically ask you for your username and password. However, the network or the SSID in this case will have to be set properly.