Solved

AnyConnect and iPhone

Posted on 2013-01-10
8
465 Views
Last Modified: 2013-01-14
i am trying to get my iPhone to connect using the Cisco AnyConnect. I have installed the correct certificate (i believe) but still receiving an error that it requires a client certificate.
I tested the installed certificate by navigating to my vpn connection via safari and it allowed me in. Any ideas what might be the issue?

Thanks

Using iPhone 5 (6.02ios)
0
Comment
Question by:progjm
  • 3
  • 3
8 Comments
 
LVL 1

Author Comment

by:progjm
ID: 38767239
thank you!
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38767333
If it is asking for a client certificate, I would presume that the configuration on the ASA  requires a client certificate.

A copy of the ASA config would be useful
0
 
LVL 1

Author Comment

by:progjm
ID: 38767472
Here you go
5510-test.txt
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 36

Expert Comment

by:ArneLovius
ID: 38767710
From your config

tunnel-group Company-SSL-VPN webvpn-attributes
 authentication aaa certificate

Open in new window


By having the word "certificate", you are requiring client certificates, to remove the requirement, I woudl try the following in a console session

tunnel-group Company-SSL-VPN webvpn-attributes
 no authentication aaa certificate
 authentication aaa 

Open in new window


Then exit and save the config
0
 
LVL 1

Author Comment

by:progjm
ID: 38767747
Will this conflict with the current users and their SSL certs on laptops?
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 38768888
It will remove the requirement for client certificates.

Alternatively, use client certificates on the iPhones. Lokking at your config, you are running a CA on your ASA, the iPhones can enrol directly from the ASA in a similar method to laptop clients.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now