New Member

Blocking access from iPhones to Cisco VPN/ASA


Is it possible to recognize and block iPhone users (using IPSEC VPN Client) from accessing corporate VPN? We have a typical setup of multiple ASAs, cluster, for different types of groups. Corporate support is for desktops with installed Cisco VPN client 5.x. We know the iPhones have inherent Cisco VPN client (or downloadable) that can be configured to act as a VPN client. Corporate is not ready to support it. But, wondering if there's any technical way to recognize and block it (I doubt .. but checking just in case).

PS: I know for SSL we'll need the license for macOS. But the above question is for IPSEC VPN.


Super Bronze

Re: Blocking access from iPhones to Cisco VPN/ASA

Yes, you can block iPhone IPSec on the ASA.

Try to connect the iPhone to the ASA, then on the ASA check the exact client type and/or version from the following:

show vpn-sessiondb detail full filter name

The output would include the Client Type and Client version.

From the Client Type and Client version, you can block it from the group-policy configuration:

ASDM --> Configuration --> Remote Access --> Network (Client) Access --> Group Policies --> Advanced --> IPSEC Client --> Client Access Rules --> Add --> Action: Deny --> VPN Client Type: from the above output --> VPN Client Version: from the above output

Hope that helps.
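
Added example (not part of the original thread or Cisco's code): the ASDM steps above correspond to `client-access-rule` lines under the group policy, and once any rule exists a client that matches no rule is denied, so a lone deny rule locks out every client. This sketch models that evaluation so a rule set can be checked before it is applied; the client type and version strings are constructed placeholders, and case-sensitive matching is an assumption.

```python
import re
import shlex

def parse_rule(line):
    """Parse one 'client-access-rule' CLI line into (priority, action, type, version)."""
    tok = shlex.split(line)  # honours quoted type strings that contain spaces
    if (len(tok) != 7 or tok[0] != "client-access-rule"
            or tok[2] not in ("permit", "deny")
            or tok[3] != "type" or tok[5] != "version"):
        raise ValueError(f"unrecognised rule: {line!r}")
    return int(tok[1]), tok[2], tok[4], tok[6]

def _matches(pattern, value):
    # Only '*' is a wildcard; every other character must match literally.
    # Case-sensitive comparison is an assumption of this sketch.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def evaluate(rule_lines, client_type, client_version):
    """Return 'permit' or 'deny' for one client under the given rule set."""
    rules = sorted(parse_rule(line) for line in rule_lines)
    if not rules:
        return "permit"      # no rules defined: every client type is allowed
    for _priority, action, rule_type, rule_version in rules:
        if _matches(rule_type, client_type) and _matches(rule_version, client_version):
            return action    # lowest priority number that matches wins
    return "deny"            # rules exist but none matched: connection refused

# Constructed placeholders; substitute the strings from 'show vpn-sessiondb'.
MOBILE = ("EXAMPLE-MOBILE-CLIENT", "1.0")
DESKTOP = ("EXAMPLE-DESKTOP-CLIENT", "5.0.07")

DENY_ONLY = ['client-access-rule 1 deny type "EXAMPLE-MOBILE-CLIENT" version *']
DENY_THEN_PERMIT = DENY_ONLY + ["client-access-rule 2 permit type * version *"]

def report():
    """Decision for (mobile, desktop) under each candidate rule set."""
    candidates = (("deny_only", DENY_ONLY), ("deny_then_permit", DENY_THEN_PERMIT))
    return {name: (evaluate(rules, *MOBILE), evaluate(rules, *DESKTOP))
            for name, rules in candidates}

if __name__ == "__main__":
    for name, (mobile, desktop) in report().items():
        print(f"{name}: mobile={mobile} desktop={desktop}")
```

With the deny rule alone both clients are refused; adding the lower-priority permit rule keeps the desktop client working while the unwanted type stays blocked.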