Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

My iPhone 5s (iOS 8.0.2), is NOT connecting to VPN, via Cisco Anyconnect.

Hello,

My new iPhone 5s (iOS 8.0.2), is NOT connecting to VPN, via Cisco Anyconnect.

I have downloaded from App Store and installed successfully Cisco "VPN Anyconnect Version 3.0.12119" on my new iPhone 5s, which operates on iOS v. 8.0.2.

Before this, I bought a specific license for Mobile from Cisco Corporation.

So the Running Licenses on ASA are:
License:      Base
Max Physical Interfaces:      8
VLANs:      3, DMZ Rest
Dual ISPs:      Disabled
Trunk Ports:      0
Failover:      Disabled
Inside Hosts:      10
VPN DES Encryption:      Enabled
VPN 3DES and AES Encryption: Enabled
VPN Peers:      10
SSL VPN Peers:      2
Shared SSL VPN licensing:      Disabled
AnyConnect Mobile:      Enabled
Linksys VPN Phone:      Disabled
AnyConnect Essentials:      Enabled
Advanced Endpoint Assessment: Disabled
UC Proxy Sessions:      2
UC Phone Proxy Sessions:      2
Botnet Traffic Filter:      Disabled

The installation was successful and the connection was achieved, as you can see on a iPhone screenshot image, Fig. 1.

However, I notice that every time that I log in to AnyConnect, during the authentication process it asks me for Username & Password. So far so good. I then type in these data and subsequently responds "normally connected" (Fig. 1). Good again! Unfortunately, then the internet is completely cut-off in all programmes and it does NOT connect at all to internet, neither to my LAN nor to the WAN .....  (Please see Gig. 2). However, the AnyConnect interface, still indicates "Connected", WITHOUT in fact any connection......

Is there any idea from someone experienced on this topic how about I could work around this problem and be able to successfully connect, as it seems a puzzle to me?

Thank you,

Costas.
Cisco-Anyconnect-IMG-0006.PNG
Cisco-Anyconnect-IMG-0007.PNG
0
Dr.Costas Sachpazis
Asked:
Dr.Costas Sachpazis
  • 8
  • 6
1 Solution
 
akahanCommented:
start by seeing if it is a DNS problem by trying to connect to the numeric IP of a website rather than the canonical name.

For example, if you connect to http://74.125.239.145  do you get Google?

If you do, then you are connected via the VPN, but you may have to work with the settings related to DNS.
0
 
Dr.Costas SachpazisAuthor Commented:
Thank you akahan,

On my iPhone, while being on Anyconnect VPN connection, when I try to connect to www.google.com it does NOT connect.

However, when I try to use in the browser http://74.125.239.145 to connect, then I DO get connected to Google!

Any further assistance?

Thank you.
0
 
Dr.Costas SachpazisAuthor Commented:
....but still I cannot connect to a LAN IP, for example to a camera set on 192.168.1.165.....
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 
akahanCommented:
Can you show screenshots of your settings pages on the iPhone for the iPhone Cisco anyconnect?  (Block out sensitive information, of course.)
0
 
Dr.Costas SachpazisAuthor Commented:
Sure, just a minute...
0
 
akahanCommented:
You cannot connect locally with the VPN turned on, because the VPN software on the iPhone is set to send EVERYTHING out to the VPN server.
0
 
akahanCommented:
Waitaminnit.

Are you connecting to your OWN Cisco VPN server, on your own network?  Or are you at home, trying to connect to a server at an office network somewhere?
0
 
Dr.Costas SachpazisAuthor Commented:
I am just uploading the Cisco Anyconnect images, as you asked me for. 13 images altogether in a chronological order... You can see that with IP I can connect but with domain name not...

I try to connect to my LAN at office from home, by using Cisco anyconnect VPN.

The strange thing is that, DOING EXACTLY THE SAME PROCEDURE using my Samsung Tablet (but with Android O.S) and using Anyconnect on my Samsung Tablet, the Tabletsconnects perfectrly to my LAN at office without any problem...

However, the iPhone 5s (iOS 8.0.2) using the same procedure and the same software it DOES NOT connect...

Any clue?
Cisco-Anyconnect-IMG-0008.PNG
Cisco-Anyconnect-IMG-0009.PNG
Cisco-Anyconnect-IMG-0011.PNG
Cisco-Anyconnect-IMG-0012.PNG
Cisco-Anyconnect-IMG-0013.PNG
Cisco-Anyconnect-IMG-0014.PNG
Cisco-Anyconnect-IMG-0015.PNG
Cisco-Anyconnect-IMG-0016.PNG
Cisco-Anyconnect-IMG-0017.PNG
Cisco-Anyconnect-IMG-0018.PNG
Cisco-Anyconnect-IMG-0019.PNG
Cisco-Anyconnect-IMG-0020.PNG
Cisco-Anyconnect-IMG-0021.PNG
0
 
akahanCommented:
Are you sure that the Cisco server at your office supports iPhone?  Cisco IOS VPN servers and the Cisco 3000 series concentrators, for example, do not, while the Cisco ASA 5500 Security Appliances and PIX Firewalls do.
0
 
Dr.Costas SachpazisAuthor Commented:
As I told you I bought a license from Cisco.

My firewall is Cisco ASA 5505.

Please have a look again:

Before this, I bought a specific license for Mobile from Cisco Corporation.

So the Running Licenses on ASA are:

•License:      Base
 Max Physical Interfaces:      8
 VLANs:      3, DMZ Rest
 Dual ISPs:      Disabled
 Trunk Ports:      0
 Failover:      Disabled
 Inside Hosts:      10
 VPN DES Encryption:      Enabled
 VPN 3DES and AES Encryption: Enabled
 VPN Peers:      10
 SSL VPN Peers:      2
 Shared SSL VPN licensing:      Disabled
 AnyConnect Mobile:      Enabled
 Linksys VPN Phone:      Disabled
 AnyConnect Essentials:      Enabled
 Advanced Endpoint Assessment: Disabled
 UC Proxy Sessions:      2
 UC Phone Proxy Sessions:      2
 Botnet Traffic Filter:      Disabled
0
 
Dr.Costas SachpazisAuthor Commented:
....My Android (Samsung) Tablet, connects without any problem, thouhg.....
0
 
akahanCommented:
I understand both that you bought a license from Cisco and that your Android tablet connects fine.
The issue is whether your Cisco server is able to work with the iPHone.  
The ASA 5505 should be fine, but the problem is with the configuration on the server, not the iPhone.

Do you have the 5505 running the latest software?  Here's a link to Cisco's configuration guide for this:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html
0
 
Dr.Costas SachpazisAuthor Commented:
Hello again,

Unfortunately, there is no solution yet, because as I was told by a Cisco expert, the problem comes from the iOS 8 operating system, and as he advised me, I should wait until Apple gives out an update to fix this bug....

I am sorry, because I cannot connect to my LAN, using iPhone 5s running iOS 8.1 and Anyconnect ....

I am desperately looking for a God blessed solution...

Costas.
0
 
Dr.Costas SachpazisAuthor Commented:
Unfortunately, nobody was able to solve this problem so far......
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now