Solved: Re: Cisco AnyConnect v4 VPN Profile for iOS

MattGowland · ‎05-03-2018

Has anyone had any luck getting the iOS VPN profile for Cisco AnyConnect to work on the Non-Legacy (v4) version of AnyConnect? It seems AnyConnect profile for iOS VPN only works with the Legacy AnyConnect App. I have tried creating a custom VPN Profile with settings listed in Ciscos release notes for Anyconnect (see below) but no luck. Wondering if anyone else has got it working? Or if Airwatch simply doesnt support the new Cisco Anyconnect VPN App?

From Cisco Anyconnect v4 iOS App release notes:
Current MDM profiles will not trigger the new app. EMM vendors must support VPNType (VPN), VPNSubType (com.cisco.anyconnect) and ProviderType (packet-tunnel). For integration with ISE, they must be able to pass the UniqueIdentifier to AnyConnect since AnyConnect no longer has access to this in the new framework. Please consult with your EMM vendor for how to set this up, some may require a custom VPN type and others may not have support available at release time.

cmveloso · ‎05-03-2018

This may be what you're looking for? We currently use this today, and also have a support ticket opened w/ AirWatch because it says 'A future version of AirWatch will have the option to configure the new client in the Connection Type.' - Over a year later, and still no added support.

https://support.air-watch.com/articles/115005786867

View solution in original post

cmveloso · ‎05-03-2018

This may be what you're looking for? We currently use this today, and also have a support ticket opened w/ AirWatch because it says 'A future version of AirWatch will have the option to configure the new client in the Connection Type.' - Over a year later, and still no added support.

https://support.air-watch.com/articles/115005786867

MattGowland · ‎05-03-2018

Thanks Chad! Works Perfectly.

MattGowland · ‎05-03-2018

Actually I had to make one change to the config from that article. I had to turn off PerApp VNP and then add te key value pair ProviderType => packet-tunnel
Now working perfectly.

DavidTercovich · ‎05-04-2018

By chance do you know if this supports group names like the profiles before? It may just need the extended alias uri, (proof of concepting anyconnect via mdm, so this is my first time through vpn on-demand).

Thanks for sharing the article Chad!

cmveloso · ‎05-07-2018

Hi David,

Unfortunately I've not been successful getting groups configured. I've tried App Config values, extended URI and a custom plist/config and none of them have worked for me. Maybe someone else has figured this out, and if so would be willing to share?

On that note, I'd encourage everyone to join in on PR-194715 for AirWatch to add the new AnyConnect as a VPN option. It's been over a year and we're still working with custom profiles - seems a little long to me.

DavidTercovich · ‎05-07-2018

Hi Chad,

Thanks for the update, I'll see what I can come up with. If there is anything notable I'll be sure to report back here to let you know. I'm going to try and figure out the groups and/or uri alias method so it doesn't conflict with existing vpn configs. Ultimate goal is to have a cert based auth, it looked doable in the old AnyConnect client settings through AW. So there must be some sort of flag / key-value pair that defines this and makes it readable to the client app, but since this is a ' custom' vpn profile, we'll have to get the underlying properties of what AirWatch was building behind the scenes before.

DavidTercovich · ‎05-10-2018

Hey Chad,

Just following up, I was able to build an alias URL that was bound to a specific connection profile (linked to dedicated policy and client profiles). So it funneled it to those settings without having to define a specific ' group' through other parameters other than the URI. It was able to accept cert based auth for on-demand usage as well. You may just need to check a few settings in ASDM to make sure everything is linked up, but it is working properly in my proof of concept and initial testing.

Thanks!
David

cmveloso · ‎05-11-2018

Hey David,

Thanks for following up! I'll take a look and see if I can build something similar on my end.

JoelMcGee · ‎07-06-2018

It looks like the new AnyConnect VPN app still isn't supported natively by AirWatch.

berkvm · ‎09-13-2018

Thanks Chad, this solved the problem for us. We noticed that iOS 12 broke Legacy AnyConnect so we had to get the new app working. Just a heads up in case anyone is still using Legacy AnyConnect.

ybalci · ‎09-18-2018

Hi All, Is there any solution to workig with cisco any connect? we are having issue on IOS 12 devices with Legacy version.

SandroSchefer · ‎09-27-2018

Hi all, Same issue here.
We are using the same certificated we were using for the legacy version of the app but we are not able to get a working setup using the non legacy version of the cisco anyconnect app. We tried to add the vpn connection as shown in the answer post but no success. I also tried to add the ProviderType value - key pair. Didnt help.

The exact same profile (beside changing the VPN to custom) is working fine with legacy version.
Any suggestions?

MarkSnelling · ‎11-01-2018

Still no support for the new app then?
Does anyone know how to map the Custom Data fields to the fields in the legacy app profile? E.g. ' Group Name' or other fields like authentication type (say EAP-MSCHAPv2) and ' Connect with IPSec'

Patmbox · ‎11-17-2021

Does this solution work on IOS 14 unable to get VPN cert?

My environment has mixed of IOS 12, 13 and 14. It seem that IOS 14 is unable to import the cert that push down by Workspace One to Cisco AnyConnect app. Any one can advise?

All

Cisco AnyConnect v4 VPN Profile for iOS

Device Management