Sep 23, 2010

Cisco AnyConnect for the iPhone

Three days ago, Cisco released the Cisco AnyConnect Secure Mobility Client for the iPhone (iOS 4), but what is it? The Cisco AnyConnect Secure Mobility Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series using the Secure Sockets Layer (SSL) protocol and the Datagram TLS (DTLS) protocol.

The Cisco AnyConnect Secure Mobility Client for Apple iOS provides seamless and secure remote access to enterprise networks. The client provides a full tunneling experience that allows any installed application to communicate as though connected directly to the enterprise network. It runs on Apple iOS version 4.1 or later and supports connections to IPv4 and IPv6 resources over an IPv4 network tunnel. It is available from the iTunes App Store. All distribution and updates will be provided from the App Store, not the ASA.

The download is available from the iTunes App Store.


The devices supported by the client are:

  • iPhone 3G
  • iPhone 3GS
  • iPhone 4
  • iPod Touch (2nd Generation or later)
  • iPad (it is expected to be available with the release of Apple iOS 4.2)

The following AnyConnect features are supported:

  • Tunnel Protocols
    • Cisco SSL Tunnelling Protocol (CSTP)
    • Cisco DTLS Tunnelling Protocol (CDTP)
  • SSL Cipher Suites
    • AES256-SHA
    • AES128-SHA
    • DES-CBC3
    • RC4-SHA
    • RC4-MD5
    • DES-CBC-SHA
  • DTLS Cipher Suites
    • AES256-SHA
    • AES128-SHA
    • DES-CBC3
    • DES-CBC-SHA
  • Authentication
  • Client Certificate Authentication
  • Routing Policy
    • Tunnel All
    • Split Include
    • Split Exclude
  • Simultaneous full-tunnel and clientless connections
  • Rekey
  • Network Roaming
  • TLS Compression
  • Cisco Profile Support
  • Profile Update
  • IPv6 over IPv4
  • Post-Login Banner
  • Dead Peer Detection
  • Tunnel Keep-Alive
  • Backup Server List
  • Default Domain
  • Cluster Support
  • DNS Server Configuration
  • Private-side Proxy Support
  • Network Change Monitoring
  • Statistics
  • Graphical User Interface
  • Pre-login Banner
  • AnyConnect Secure Certificate Enrollment Protocol (SCEP)
  • Certificate Import

Limitations of the AnyConnect Secure Mobility Client for Apple iOS
The initial release of Cisco AnyConnect Secure Mobility Client for Apple iOS supports only the features that are strictly related to remote access.

Three types of VPN configurations are supported:

  • Manually generated
  • AnyConnect profile imported
  • iPhone Configuration Utility generated

For further details of the iPhone Configuration Utility see http://www.apple.com/support/iphone/enterprise/.

However, full network roaming capabilities are not supported for VPN configurations created with the iPhone Configuration Utility. If your users require this functionality, you should use an AnyConnect profile.

Only a single AnyConnect XML profile is supported on the iOS device, and the contents of the generated configuration will always match the most recent profile. For example, if a user goes to vpn.example1.com and then goes to vpn.example2.com, the configuration for vpn.example1.com would be replaced with the one for vpn.example2.com unless the configurations are the same.

Tunnel Keep-Alive is supported, but this may reduce the battery life of the device if the update interval is set to the minimum value.
