Currently Being ModeratedAug 30, 2011 8:16 AM (in response to KJCarey)
Ok, Jail Breaking the phone is not the answer. The problem is the iPhone and how the VPN tunnel works -- the iPhone shuts down its transmitter when in auto-lock to save battery probably. When this happens the VPN tunnel can no longer send keep-alive messages to the concentrator so the tunnel drops.
The answer is for Cisco to modify the VPN client so that it is not required to send keep-alives, but allow incoming messages from the network. I'm no security expert, so this could violate all kinds of best practice recommendations and security policies.
Our solution was to install Good for Enterprise which is an email proxy solution with a server on prem. It uses a special email client that continuously listens even when in auto-lock. It is able to provide alerts to the client about email and calendar events. When you wake up the phone it does a quick sync and runs normal, all emails are available. This works with Exchange and Lotus Notes backend. The Good for Enterprise does NOT require a VPN, it does its own security certificate exchange and encryption.
Currently Being ModeratedNov 13, 2011 6:46 PM (in response to robertvg)
I'm also interested in a setting that would force all iPhone data access only through the VPN, and make the VPN try to remain connected at all times unless manually turned off.
Currently Being ModeratedNov 15, 2011 3:01 PM (in response to robertvg)
The answer is to use Cisco AnyConnect VPN with PKI certificates. We are testing this and it works pretty well. It is possible to set the VPN to be persistant and it only reauthenticates when it wakes up, it does this very quickly and using PKI certs it does not require any manual intervention. The tunnel restablishes very quickly.
Requires Cisco ASA on the host side at your data center, requires some method of securely distributing the digital certificates and a certificate authority, either your own or subscribe to Verisign or equivalent. It is not a simple proposition to implement, you need to be committed and have some resources to get it done.
Currently Being ModeratedNov 15, 2011 3:13 PM (in response to seechrisgo)
What about the inherent Push problem regarding data transfers while the phone is locked or asleep -- will your Cisco AnyConnect still keep that data through its (disconnected) tunnel safe? I think this is half of the issue. Not only do you have to turn it back on when waking (no matter how fast) but it is still insecure while sleeping. No VPN will help that unless it remains intact even while locked and sleeping.
Currently Being ModeratedDec 30, 2011 8:59 PM (in response to robertvg)
Just discovered this post in researching why this was happening.
Still a problem with the latest IOS and not yet fixed.
Agree that Jailbreaking isn't the solution.
Currently Being ModeratedDec 31, 2011 1:38 PM (in response to Michael Ginsberg)
+1 that this is still a problem. What is this 1995? Seems this should have been addressed by now. Makes the iPhone better as a paperweight than as a secure communication device.
Currently Being ModeratedJan 7, 2012 3:27 AM (in response to robertvg)
still same problem. vpn disconnected in lock screen. how to resolve the issue?
Currently Being ModeratedJan 17, 2012 12:36 PM (in response to robertvg)
I've found that the VPN connection does not drop during sleep as long as the iPhone (4s, iOS 5.0.1) is kept plugged in. So here is one possible solution:
Buy a charging holster for your 3G or 3GS (Amazon), or one of the multitude of charging cases for your 4 or 4S --your VPN connection should stay alive, and your battery gets some needed reinforcement for the increased power drain that will occur.
This should work, at least until the external battery pack runs out of juice.iPhone 4S, iOS 5.0.1
Currently Being ModeratedJan 19, 2012 9:49 AM (in response to jz1492)
I read somewhere, I dont recall if it was in this thread or not, that this problem doesn't exist if you connect a VPN using Cisco AnyConnect app. I installed the app, and couldn't setup the VPN for my purposes because, as I expected, you need to use ot with Cisco VPN equipment/router. HOWEVER... The first time I launched the app, it said something like "AnyConnect will make changes to the way VPNs work on your device. Is this OK?" and I clicked yes/ok/proceed, whatever the button said. Ever since this time, my VPN has not disconnected when going to sleep. I don't even have the app anymore, I removed it when I realized it wouldn't work for me.
If you are able to establish a Cisco VPN, then it will also auto-reconnect when you go from wi-fi to 3g, loose and regain a connection, etc. It is designed to keep you constantly connected to the corporate network. However, it appears part of what it does is change the VPN functions of iOS sothe VPN does not drop after 30 seconds of being in sleep mode. I have gone 6 hours with the VPN remaining connected through 30 min to an hour of sleep at a time.
I hope this helps others out there. Just install Cisco AnyConnect, run it, accept/allow the changes, and reply to this post to let others know it it resoved the problem for you too. Once you have got it working, you can uninstall AnyConnect and it will still work.
**I dont know if there is a way to undo this, so once it changes the VPN to persistent you cant go back to the sleep-and-disconnect way, but why would you want to?
Currently Being ModeratedJan 20, 2012 3:13 PM (in response to KeithCFL)
I really believe that its not a issue in the VPN, but how the iPhone manage the connection (3G/EDGE/WiFi) when the screen lock.
I'm facing this issue, look to
Currently Being ModeratedJan 23, 2012 3:03 PM (in response to KeithCFL)
Hey KeithCFL. I tried installing Cisco AnyConnect on my iPhone 4 and it didn't work.
Still hoping someone out there can figure out a workaround.
Currently Being ModeratedJan 24, 2012 9:15 PM (in response to KeithCFL)
@KeithCFL: The AnyConnect app didn't work for me.
However, the iphone DOES have a built-in funcion to "auto-connect on demand" to a VPN. (I guess this is what the Anyconnect App does in essence)
The setting can't be made through the iPhone directly (why on earth not?!). You need to install Apple's iPhone Configuration Utility: http://support.apple.com/kb/DL1465
However it ONLY works with a Cisco IPSec tunnel using certificates.
So there it is, built-in to the iOS, but only works with one particular protocol and isn't accessible to the average user....
Currently Being ModeratedFeb 4, 2012 5:17 AM (in response to fastfret)
Does any have a solution for iPad VPN disconnecting? Trying to rollout a corp Mobile ap and it's not user friendly to have to re VPN ever lock session
Currently Being ModeratedFeb 12, 2012 10:21 PM (in response to KeithCFL)
I tried this with little success. I did see that the VPN doesn't disconnect when the iPhone is plugged into the dock, then it stays connected for the whole day. So it does look like an automatic power management issue.
Currently Being ModeratedFeb 14, 2012 6:46 AM (in response to VRADesign)
I dropped my iPad (shattered screen), and had to replace it with a refurbished model. I can't get the VPN to stay conmected any more on y new iPad, even with the AnyConnect app. I guess I just got lucky last time, the VPN would only disconnect when I left WiFi. This really *****. I've tried everything I did last time, to no avail. I miss the persistent VPN connection-- I know it's possible because it worked on my last iPad2. It didn't create any significant battery drain either-- then again, I was on an iPad which has a bigger battery than iPhone, so the drain wouldn't be quite as noticable.
If I get it working again I'll be sure to update this thread.