Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

AnyConnect and iPhone

Posted on 2013-01-10
8
Medium Priority
?
482 Views
Last Modified: 2013-01-14
i am trying to get my iPhone to connect using the Cisco AnyConnect. I have installed the correct certificate (i believe) but still receiving an error that it requires a client certificate.
I tested the installed certificate by navigating to my vpn connection via safari and it allowed me in. Any ideas what might be the issue?

Thanks

Using iPhone 5 (6.02ios)
0
Comment
Question by:progjm
  • 3
  • 3
6 Comments
 
LVL 1

Author Comment

by:progjm
ID: 38767239
thank you!
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38767333
If it is asking for a client certificate, I would presume that the configuration on the ASA  requires a client certificate.

A copy of the ASA config would be useful
0
 
LVL 1

Author Comment

by:progjm
ID: 38767472
Here you go
5510-test.txt
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 37

Expert Comment

by:ArneLovius
ID: 38767710
From your config

tunnel-group Company-SSL-VPN webvpn-attributes
 authentication aaa certificate

Open in new window


By having the word "certificate", you are requiring client certificates, to remove the requirement, I woudl try the following in a console session

tunnel-group Company-SSL-VPN webvpn-attributes
 no authentication aaa certificate
 authentication aaa 

Open in new window


Then exit and save the config
0
 
LVL 1

Author Comment

by:progjm
ID: 38767747
Will this conflict with the current users and their SSL certs on laptops?
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 2000 total points
ID: 38768888
It will remove the requirement for client certificates.

Alternatively, use client certificates on the iPhones. Lokking at your config, you are running a CA on your ASA, the iPhones can enrol directly from the ASA in a similar method to laptop clients.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
This is a tech scam I recently helped my parents through.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question