Apple posted the Cisco Anyconnect client to the App Store late last week. Now users of the Cisco ASA VPN platform can take advantage of the new features being offered in the iPhone version of the Cisco AnyConnect client. If you are already using the Cisco IPSEC client that is built into iOS then I have some good news for you. The transition to the AnyConnect client is incredibly easy. I'll touch on how you do that in a minute, but first here are the features you'll get in the AnyConnect iPhone client:
In order to migrate your users from IPSEC to AnyConnect all you need to do is make sure that you allow the SSLVPN client access method in your existing tunnel group policy. That's all there is to it. The same policies that you already have in place for IPSEC will then be used for AnyConnect users. If you have a need to setup iPhone specific policies then you can do that too, just setup a new tunnel group policy for those users.
Here are the very important pre-requisites you'll need in place before you can use the AnyConnect iPhone app.
-ASA Headend running 126.96.36.199 or later code
-ASA license for AnyConnect Mobile (L-ASA-AC-M-5540=) "replace 5540 with your model number"
-ASA license for Anyconnect Essential or Premium "this license is based on number of concurrent AnyConnect users connected.
-iPhone 3G, 3GS, 4, iPod touch 2G or later
-Support for iPad expected with iOS 4.2 release
To intall the app just go to the Apple App Store and install AnyConnect just like any other iPhone app. The app itself is free to download but you'll need the above licenses in order to connect it to an ASA headend.
For detailed instructions on using the client see the Cisco iPhone AnyConnect guide.
The release notes can be found here
The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.
More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Google Nexus One vs. Top 10 Phone Security Requirements
* Why you should always shred your boarding pass
* Video rental records are afforded more privacy protections than your online data
* The truth about new SSL attacks
* 2009 Top Urban Legends in IT Security/a>
Go to Jamey’s Blog for more articles on security.
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council- Board of Advisors where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.