Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AnyConnect on iPhone with Windows CA and 2951

Attempting to configure AnyConnect for iPhone for on demand access.

Have configured a Windows CA to provide the required certificates and have enrolled the 2951 with the CA.

Have not been been able to get the configuration to work. Have gone through countless documents and spoken to TAC about the issue. Just wondering if anyone has any experience with a similar configuration? I'm not set on using the windows server as the CA if there is an easier way.

1 REPLY
Cisco Employee

AnyConnect on iPhone with Windows CA and 2951

Hello Adam,

Unfortuantely Cisco IOS routers do not support the Cisco AnyConnect Secure Mobility client for Apple iOS at this time.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/rn-ac3.0-iOS.html#wp1124492

It's on the roadmap though and tracked by CSCtx24822

Also regarding the On-Demand I wanted to point out that Apple has made some significant changes to their VPN On Demand framework with the release of Apple iOS 7:

  • Deprecated the use of the OnDemandMatchDomainsAlways plist key. Any domains contained within the "Always Connect" list will now be treated as if they were in the "Connect If Needed" domain list by the system.
  • The evaluation model of the ruleset has changed to support a dynamic number of rule types providing additional flexibility to the Administrator.
  • Additional Network Detection conditions, actions, as well as new tertiary rulesets on the domain matching rules.

In Apple iOS 5 and earlier, there was one type of matching rules, the domain-matching rules described in the relevant section. Apple iOS 6 introduced a new type, network detection rules, that acted whether to enable or disable the domain-matching rules as dictated by a set of conditions based upon the WiFi interfaces network attributes. In Apple iOS 7 a similar concept remains, except that network detection rules take precedence where you can now define a VPN on Demand ruleset that does not use any domain-matching rules if you choose not to include them.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/user/guide/iphone-ugac-ios.html#wp188630

"Apple iOS 7 no longer supports Always Connect domains. When running AnyConnect on Apple iOS 7 devices, any domains listed asAlways Connect will be treated as Connect if Needed domains."

-Gustavo Medina

357
Views
0
Helpful
1
Replies