MDM - iOS App Configuration for Cisco AnyConnect

EdLuo
Contributor II

Does anyone know if it is possible to preconfigure a VPN connection profile for Cisco AnyConnect using the App Configuration tab when creating a Mobile Device App?

13 REPLIES

giles_howland
New Contributor II

Does anyone have the answer to this?

EdLuo
Contributor II

I just found documentation on this.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-mobile-devices.html#reference_8DFF414FFAA64056A3FA236B426600AE

Not sure if this answers our question. I'll test it later today.

EdLuo
Contributor II

I couldn't get the App Configuration to work. I was able to auto-generate a VPN profile using a predefined URL:

anyconnect://create/?name=SimpleExample&host=vpn.example.com

I created a web clip to this URL and it did auto-generate the VPN profile after enabling external control (Cisco AnyConnect App, Settings, External Control --> Enabled). If only there were a way to automate this setting :(

EdLuo
Contributor II

Duh... I am overthinking this. It is as easy as creating a Configuration Profile with a VPN payload.

jholmquist
New Contributor

I have tried this in the VPN configuration and when I try to connect to the VPN in the settings I get "please install an application for cisco anyconnect to enable the vpn connection". I have the Cisco AnyConnect app installed so I'm not sure what else it's asking for. Any ideas?

engh
New Contributor III

@jholmquist If you are using the newest version of Cisco AnyConnect (non-legacy), you have to be on Jamf 10 (or at least that is what I was told by Jamf Support) as the API was broken. It won't work on 9.x.

If you are using the legacy Cisco AnyConnect app you should still be able to use the VPN Configuration profile even if you are using 9.x. We are still using the legacy Cisco AnyConnect app and VPN Config profile on 9.101.

-Dan

el2493
Contributor III

It seems like for the VPN payload on a Configuration Profile, the Account field is now required (I'm on Jamf 10). I guess I could just put a generic entry ("Enter Username") but was wondering if anyone had an alternate way to configure this?

I also just tried doing the above, installed AnyConnect (the non-Legacy version) through Self-Service, and it took maybe 3-4 minutes for JSS to complete the "Installed App List" command. If I look at the device's Inventory page and go to Management>Configuration Profiles it shows the Config Profile I created, but if I open Cisco AnyConnect it says there are no connections.

hollandmechanic
New Contributor II

Hopefully Cisco AnyConnect will implement MDM AppConfig XML in future releases, too bad you have to first create a connection and then delete it again :-|

j_meister
Contributor II

Did Cisco AnyConnect add support for MDM AppConfig XML in the meantime?

rstasel
Valued Contributor

@j.meister The solution above by @EdLuo works perfectly, and can be applied post-install of the Cisco AnyConnect app... so in my brain, seems better than the AppConfig (though obviously supporting both would be nice).

j_meister
Contributor II

@rstasel Thank you, that works perfectly!

Dave_F
New Contributor

Maybe I'm missing something, but I've deployed the latest Cisco AnyConnect app via managed distro and the VPN payload is installed, but as @el2493 mentioned above, I'm not seeing the VPN connection profile in AnyConnect, pre or post install.

How do I get the app to pull in the VPN profile?

el2493
Contributor III

@Dave_F it's been 3.5 years since I posted, so I don't remember specifically what I did to get it working but it is now working for me. We have an AnyConnect Profile that installs on all mobile devices, and users install AnyConnect through Self Service (we use VPP for licenses).

Regarding the Profile, I set:

* Connection Name: (this could be any name)
* VPN Type: VPN
* Connection Type: Cisco AnyConnect
* Server: I entered the address of the Server, a slash, then the Group Name. So if our VPN server was school.vpn.edu and the group Name was VPN-PROD, the server would be "school.vpn.edu/VPN-PROD" (without quotation marks)
* Account: [Left blank]
* Group: Entered the group name [i.e. VPN-PROD]
* User Authentication: Password
* Password/Verify Password: [Left blank]
* Provider type: Packet-tunnel

Everything else is unchecked or blank. Idle timer is "Do not connect" and Proxy setup is "None."
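
The settings listed in the post above, written out as the VPN payload of a configuration profile, with a check that no credential is stored in it. This is an added example, not code from the thread, Jamf or Cisco; the key names are assumed to follow Apple's `com.apple.vpn.managed` payload, the `edu.example.mdm` identifier is a placeholder, and `audit_vpn_profile` is a hypothetical helper.

```python
import plistlib
import uuid
# Assumption: bundle ID Apple documents for the non-legacy AnyConnect app.
ANYCONNECT_SUBTYPE = "com.cisco.anyconnect"


def build_vpn_profile(name, server, group, org_id="edu.example.mdm"):
    """Return .mobileconfig bytes for the settings listed in the post."""
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.vpn",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "UserDefinedName": name,            # Connection Name
        "VPNType": "VPN",                   # VPN Type: VPN
        "VPNSubType": ANYCONNECT_SUBTYPE,   # Connection Type: Cisco AnyConnect
        "VPN": {
            "RemoteAddress": f"{server}/{group}",  # Server: host, slash, group
            "AuthenticationMethod": "Password",    # User Authentication
            "ProviderType": "packet-tunnel",       # Provider type
            # AuthName / AuthPassword omitted: Account and Password are left
            # blank, so the profile carries no credential.
        },
        "VendorConfig": {"Group": group},   # Group
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


def audit_vpn_profile(data):
    """Return a list of findings for every VPN payload in a profile."""
    findings = []
    for p in plistlib.loads(data).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.vpn.managed":
            continue
        vpn = p.get("VPN", {})
        group = p.get("VendorConfig", {}).get("Group", "")
        if vpn.get("AuthPassword"):
            findings.append("password embedded in profile")
        if group and not vpn.get("RemoteAddress", "").endswith("/" + group):
            findings.append("server path does not match group")
    return findings
```

Calling `build_vpn_profile("Campus VPN", "school.vpn.edu", "VPN-PROD")` and writing the bytes to a `.mobileconfig` file gives a profile that can be compared against what the MDM generates.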