cisco Anyconnect Secure Client

Hello everyone,

Recently my boss has a request to setup the iPad device (or iPhone) which can form the secure tunnel for the internal applications. I have tested properly if the iPad is connected to the internal wifi. It means the iPad device, network, applications are all configured properly.

But there is a security issue that the iPad device must be with VPN connection. It also means that we must not use this "testing wifi" for the future deployment.

Background: the office is with proper setup of the Cisco ASA environment, all the employees or vendors can VPN with using the Cisco Anyconnect client to access the internal services. But every device should be installed with certain certificates (which created or issued by the internal CA).

Then now comes with the problem when dealing with the iPad. We couldn't deploy the certificates into the iPad. We tried using email method to install the cert, but it doesn't force the VPN formed. (later we saw some posts talking about the new iOS cannot support this method).

We also tried to use URL to let the Cisco VPN client to Import from the URL. Unfortunately it doesn't work. We are not sure what kind of URL it is. But we put my .p12 cert into OneDrive or other cloud drive, then let it runs. But it keeps on saying "Import PKCS12 failed with error: Certificate Enrollment - Certificate import has failed."

We checked that there is another method that when I can download the .P12 file into the iPad, then open the Files folder, locate the cert, click and it can be Share to the Cisco Anyconnect app. Then it prompts for the password. We assumed that is the password when we export this .P12 cert. So we use the password to "decrypt" but again, not success.

I wonder if anyone got similar experience as what we have.

We have been using the Cisco ASA with VPN for a long time. But checked back that we don't have anyone using Apple or Android devices to form the VPN ever.

My current Cisco Secure Client is version 5.0.01255

Thank you.

Timothy