Cisco Cisco AnyConnect Secure Mobility Client v3.x 用户指南
35
iPad User Guide for Cisco AnyConnect Secure Mobility Client, Release 3.0.x
Troubleshooting
•
Voice applications running in the background on an iPod Touch cannot receive packets over VPN.
This functionality works as expected on iPhone devices.
This functionality works as expected on iPhone devices.
•
If a VPN configuration contains a large number of routes or split-dns rules, the Apple device cannot
establish a VPN connection. This bug occurs, for example, if, upon connection, an ASA
configuration pushes a VPN split-include list that has 70 or more rules that direct traffic to
individual subnets. To prevent this bug from impacting users, apply a tunnel-all configuration or
reduce the number of rules.
establish a VPN connection. This bug occurs, for example, if, upon connection, an ASA
configuration pushes a VPN split-include list that has 70 or more rules that direct traffic to
individual subnets. To prevent this bug from impacting users, apply a tunnel-all configuration or
reduce the number of rules.
•
AnyConnect may become slow or crash when there are a large number of VPN connections
configured on the mobile device.
configured on the mobile device.
•
Customers who wish to tunnel IPv6 traffic need to upgrade their iPhones and iPads to iOS 5.0 or
later. Known problems exist in iOS 4.3 that prevent AnyConnect from processing IPv6 traffic
properly due to the inability to set default IPv6 routes.
later. Known problems exist in iOS 4.3 that prevent AnyConnect from processing IPv6 traffic
properly due to the inability to set default IPv6 routes.
Apple iOS Permits All Local LAN Traffic with Tunnel-all
Apple iOS permits traffic that is essential for the core operation of the device, regardless of whether a
tunnel-all policy is in force. Examples of traffic that Apple iOS sends in the clear regardless of the tunnel
policy include:
tunnel-all policy is in force. Examples of traffic that Apple iOS sends in the clear regardless of the tunnel
policy include:
•
All local LAN traffic
•
Scoped routes for preexisting connections (for example, a video being streamed before VPN comes
up)
up)
•
Core Apple services (for example, Visual Voice mail traffic)
Limitations of AnyConnect for Apple iOS
This release of AnyConnect for Apple iOS supports only the features that are strictly related to remote
access.
access.
•
AnyConnect supports the following types of VPN configurations:
–
Manually generated.
–
AnyConnect VPN client profile imported.
–
iPhone Configuration Utility generated. For details about the iPhone Configuration Utility see
•
The VPN configurations generated by the iPhone Configuration Utility do not support Network
Roaming. If your users require Network Roaming, use an AnyConnect profile.
Roaming. If your users require Network Roaming, use an AnyConnect profile.
•
The Apple iOS device supports no more than one AnyConnect VPN client profile. The contents of
the generated configuration always matches the most recent profile. For example, if a user goes to
vpn.example1.com and then goes to vpn.example2.com, the AnyConnect VPN client profile
imported from vpn.example2.com replaces the one imported from vpn.example1.com.
the generated configuration always matches the most recent profile. For example, if a user goes to
vpn.example1.com and then goes to vpn.example2.com, the AnyConnect VPN client profile
imported from vpn.example2.com replaces the one imported from vpn.example1.com.
•
This release supports the tunnel keepalive feature; however, it reduces battery life of the device.
Increasing the update interval value mitigates this issue.
Increasing the update interval value mitigates this issue.
•
AnyConnect collects device information when the UI is launched and a VPN connection is initiated.
Therefore, there are circumstances in which AnyConnect mis-reports mobile posture information if
the user relies on iOS’s Connect on Demand feature to make a connection initially, or after device
information, such has the OS version, has changed.
Therefore, there are circumstances in which AnyConnect mis-reports mobile posture information if
the user relies on iOS’s Connect on Demand feature to make a connection initially, or after device
information, such has the OS version, has changed.