To activate AnyConnect SSL VPN for an iPhone/iPad, you need to obtain and install two licenses on your ASA.
These licenses are the “AnyConnect Mobile license” and either “AnyConnect Essentials” or “AnyConnect Premium Clientless SSL VPN Edition”.
The Mobile license and the Essentials license are licensed per device (the ASA itself, not per client). The number of simultaneous users depends on the ASA model:
Model   – Simultaneous users
5505    – 25
5510    – 250
5520    – 750
5540    – 2500
5580-x  – 10,000
Instructions for installing the license accompany the license itself, so they are not covered here.
You can verify that the licenses are installed by issuing show version and checking the AnyConnect lines of the output:
AnyConnect for Mobile : Enabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Enabled
You will need to download the Cisco AnyConnect app from the App Store (http://itunes.apple.com/us/app/cisco-anyconnect/id392790924).
Once the app is installed, create an SSL VPN remote-access connection on the ASA. An example configuration is below (ASA 8.x svc syntax; comments are on their own lines because the ASA parser does not accept trailing comments after a command).
! enable SSL VPN on the outside interface
webvpn
 enable outside
 anyconnect-essentials
 ! at least one AnyConnect package must be loaded before "svc enable" is accepted;
 ! the iPad uses the App Store client, so these images serve Windows and Linux users
 svc image disk0:/anyconnect-dart-win-2.5.1025-k9.pkg 1
 svc image disk0:/anyconnect-linux-2.5.1025-k9.pkg 2
 svc enable
 tunnel-group-list enable
! standard ACL listing the networks that are sent through the tunnel (split tunnel)
access-list SPLIT-ACL standard permit 10.0.0.0 255.0.0.0
! address pool handed out to VPN clients
ip local pool VPN-POOL 192.168.1.1-192.168.1.254 mask 255.255.255.0
! ACS (TACACS+) is used for authentication; the shared secret is set with "key" and is omitted here
aaa-server TACACS protocol tacacs+
aaa-server TACACS (inside) host 10.100.100.100
! tunnel group
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
 address-pool VPN-POOL
 authentication-server-group TACACS
 default-group-policy VPN
! group policy (must be declared internal before its attributes can be set)
group-policy VPN internal
group-policy VPN attributes
 dns-server value 10.10.10.10 10.11.11.11
 vpn-tunnel-protocol svc webvpn
 ! split tunnel: only the SPLIT-ACL networks go through the VPN, everything else goes direct from the device;
 ! use "split-tunnel-policy tunnelall" instead if policy requires all client traffic to pass through the ASA
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 ! default domain appended to unqualified queries from the VPN host
 default-domain value yourdomain.com
 ! the VPN host only sends DNS queries for these domains across the tunnel
 split-dns value yourdomain.com
Note: Split-dns was required to allow DNS to resolve on the iPad when using split tunnels. This appears to be a bug or limitation of the iPad AnyConnect app.
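The following is an added example and not part of the original post: a small Python checker that parses ASA running-config text in the 8.x svc syntax used above, together with the AnyConnect lines of show version, and flags the gaps that break a mobile deployment (missing license, no svc image before svc enable, a split-tunnel ACL that is referenced but never defined, and a split-tunnel group policy without split-dns, the iPad issue noted above). The config and show version excerpts embedded in it are constructed for the example; the function and variable names are this example's own.

```python
"""Audit an ASA running-config and `show version` excerpt for the pieces an
AnyConnect mobile deployment needs.  Added example, not the original post's
code; assumes the ASA 8.x `webvpn` / `svc` syntax shown in the post."""
import re
from typing import Dict, List, Optional

# Constructed `show version` excerpt: both required licenses enabled.
SHOW_VERSION = """\
AnyConnect for Mobile : Enabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Enabled
"""

# Constructed running-config mirroring the post's example (TACACS lines omitted).
GOOD_CONFIG = """\
webvpn
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-dart-win-2.5.1025-k9.pkg 1
 svc enable
 tunnel-group-list enable
access-list SPLIT-ACL standard permit 10.0.0.0 255.0.0.0
ip local pool VPN-POOL 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy VPN internal
group-policy VPN attributes
 dns-server value 10.10.10.10 10.11.11.11
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 default-domain value yourdomain.com
 split-dns value yourdomain.com
"""

# Constructed broken variant: Mobile license missing, split ACL never
# defined, and split tunnel without split-dns.
BAD_SHOW_VERSION = SHOW_VERSION.replace("Mobile : Enabled", "Mobile : Disabled")
BAD_CONFIG = """\
webvpn
 enable outside
 svc image disk0:/anyconnect-dart-win-2.5.1025-k9.pkg 1
 svc enable
group-policy VPN internal
group-policy VPN attributes
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 default-domain value yourdomain.com
"""


def parse_sections(config: str) -> Dict[str, List[str]]:
    """Map each top-level command to its indented sub-commands (comments dropped)."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("!", ":")):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def missing_licenses(show_version: str) -> List[str]:
    """Names of the two required licenses that are not reported as Enabled."""
    state = {}
    for line in show_version.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            state[name.strip()] = value.strip()
    return [n for n in ("AnyConnect for Mobile", "AnyConnect Essentials")
            if state.get(n) != "Enabled"]


def attr_value(attrs: List[str], prefix: str) -> Optional[str]:
    """Text after `prefix` in the first matching sub-command, else None."""
    for a in attrs:
        if a.startswith(prefix + " "):
            return a[len(prefix) + 1:]
    return None


def audit(config: str, show_version: str) -> List[str]:
    """Return findings; an empty list means every check passed."""
    findings = [f"license not enabled: {lic}" for lic in missing_licenses(show_version)]
    s = parse_sections(config)
    webvpn = s.get("webvpn", [])
    if not any(l.startswith("enable ") for l in webvpn):
        findings.append("webvpn: not enabled on any interface")
    if not any(l.startswith("svc image ") for l in webvpn):
        findings.append("webvpn: no 'svc image' loaded, so 'svc enable' cannot succeed")
    if "svc enable" not in webvpn:
        findings.append("webvpn: 'svc enable' missing")
    std_acls = {m.group(1) for m in (re.match(r"access-list (\S+) standard ", t) for t in s) if m}
    for top, attrs in s.items():
        m = re.match(r"group-policy (\S+) attributes$", top)
        if not m:
            continue
        gp = m.group(1)
        if "svc" not in (attr_value(attrs, "vpn-tunnel-protocol") or "").split():
            findings.append(f"group-policy {gp}: vpn-tunnel-protocol does not include svc")
        if attr_value(attrs, "split-tunnel-policy") == "tunnelspecified":
            acl = attr_value(attrs, "split-tunnel-network-list value")
            if acl is None:
                findings.append(f"group-policy {gp}: tunnelspecified without a split-tunnel-network-list")
            elif acl not in std_acls:
                findings.append(f"group-policy {gp}: split-tunnel ACL {acl} is not a defined standard ACL")
            if attr_value(attrs, "split-dns value") is None:
                findings.append(f"group-policy {gp}: split tunnel without split-dns (iPad DNS will not resolve)")
    return findings


if __name__ == "__main__":
    for label, cfg, ver in (("good", GOOD_CONFIG, SHOW_VERSION), ("bad", BAD_CONFIG, BAD_SHOW_VERSION)):
        print(label, audit(cfg, ver) or "OK")
```

Run it against `show running-config` and `show version` output saved from the ASA; a clean result is an empty list, and each finding names the section that needs attention.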