Attempting to configure AnyConnect for iPhone for on demand access.
Have configured a Windows CA to provide the required certificates and have enrolled the 2951 with the CA.
Have not been able to get the configuration to work. Have gone through countless documents and spoken to TAC about the issue. Just wondering if anyone has any experience with a similar configuration? I'm not set on using the Windows server as the CA if there is an easier way.
It's on the roadmap though and tracked by CSCtx24822.
Also regarding the On-Demand I wanted to point out that Apple has made some significant changes to their VPN On Demand framework with the release of Apple iOS 7:
Deprecated the use of the OnDemandMatchDomainsAlways plist key. Any domains contained within the "Always Connect" list will now be treated as if they were in the "Connect If Needed" domain list by the system.
The evaluation model of the ruleset has changed to support a dynamic number of rule types providing additional flexibility to the Administrator.
Additional Network Detection conditions, actions, as well as new tertiary rulesets on the domain matching rules.
In Apple iOS 5 and earlier, there was one type of matching rules, the domain-matching rules described in the relevant section. Apple iOS 6 introduced a new type, network detection rules, that acted whether to enable or disable the domain-matching rules as dictated by a set of conditions based upon the WiFi interface's network attributes. In Apple iOS 7 a similar concept remains, except that network detection rules take precedence where you can now define a VPN on Demand ruleset that does not use any domain-matching rules if you choose not to include them.
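As an added example (not part of the thread or of any Cisco or Apple tooling), the following Python sketch audits a configuration profile for the iOS 7 changes described above: it flags domains still listed under the deprecated OnDemandMatchDomainsAlways key, shows the "Connect If Needed" list iOS 7 effectively applies, and reports whether a ruleset uses any domain matching at all. The sample profile is constructed, and the key names other than OnDemandMatchDomainsAlways (OnDemandMatchDomainsOnRetry, OnDemandMatchDomainsNever, OnDemandRules, Action, SSIDMatch, ActionParameters, Domains) are taken from Apple's configuration profile format rather than from the post.

```python
import plistlib

# Constructed sample profile (not from the thread); names are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>PayloadContent</key><array>
  <dict>
    <key>OnDemandEnabled</key><integer>1</integer>
    <key>OnDemandMatchDomainsAlways</key><array><string>intranet.example.com</string></array>
    <key>OnDemandMatchDomainsOnRetry</key><array><string>wiki.example.com</string></array>
  </dict>
  <dict>
    <key>OnDemandRules</key><array>
      <dict><key>Action</key><string>Disconnect</string>
        <key>SSIDMatch</key><array><string>ExampleCorpWiFi</string></array></dict>
      <dict><key>Action</key><string>Connect</string></dict>
    </array>
  </dict>
</array></dict></plist>"""

ON_DEMAND_KEYS = ("OnDemandMatchDomainsAlways", "OnDemandMatchDomainsOnRetry",
                  "OnDemandMatchDomainsNever", "OnDemandRules")

def find_on_demand_dicts(node):
    """Yield every dict carrying an On Demand key, wherever it is nested."""
    if isinstance(node, dict):
        if any(k in node for k in ON_DEMAND_KEYS):
            yield node
        for value in node.values():
            yield from find_on_demand_dicts(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_on_demand_dicts(item)

def audit_profile(profile_bytes):
    """Return one report per On Demand configuration found in the profile."""
    reports = []
    for cfg in find_on_demand_dicts(plistlib.loads(profile_bytes)):
        always = cfg.get("OnDemandMatchDomainsAlways", [])
        retry = cfg.get("OnDemandMatchDomainsOnRetry", [])
        rules = cfg.get("OnDemandRules", [])
        in_rules = any("Domains" in p for r in rules for p in r.get("ActionParameters", []))
        reports.append({
            "deprecated_always_domains": list(always),
            # iOS 7 treats "Always Connect" entries as "Connect If Needed".
            "effective_connect_if_needed": sorted(set(always) | set(retry)),
            "rule_actions": [r.get("Action") for r in rules],
            "uses_domain_matching": bool(always or retry or in_rules
                                         or cfg.get("OnDemandMatchDomainsNever")),
        })
    return reports
```

A non-empty `deprecated_always_domains` list marks a profile whose behaviour changes on iOS 7, since those domains no longer force a connection on every lookup.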