Cisco Cisco ASA 5555-X Adaptive Security Appliance

Page 15 of 16

4. The Automatic SCEP Host value in the VPN client profile matches the Group Alias of the connection profile.

For example, if the Group Alias is set to certenroll and the ASA address is asa.example.com, you need to set

the Automatic SCEP Host to asa.example.com/certenroll.

5. The command ssl certificate-authentication interface outside port 443 is enabled on the ASA.

Jabber Doesn’t Auto-Launch the AnyConnect App on iOS Devices

Ensure that

1. The On-Demand VPN URL is configured inside the Cisco Unified Communications Manager for the device.

2. The On-Demand domain list (Always Connect or Connect If Needed) in the AnyConnect profile includes the

On-Demand VPN URL.

Diagnostic AnyConnect Reporting Tool (DART)

DART can be used to collect data useful for troubleshooting AnyConnect installation and connection problems. The

DART wizard runs on the computer that runs the AnyConnect client. DART assembles the logs, status, and

diagnostic information for analysis by the Cisco Technical Assistance Center (TAC). DART does not require

administrator privileges and supports Windows and Mac OS X.

On the iOS and Android devices, AnyConnect includes the capability to collect and email the logs to the

administrator.

Cisco Jabber also includes options to collect logs for troubleshooting purposes.

Conclusion

The Cisco Jabber and Cisco AnyConnect clients work seamlessly together to provide a rich collaboration

experience for users, whether they are on the company network or on the go. The best practices identified, such as

On-Demand VPN, certificate authentication and enrollment, VPN session timeouts, and split-tunnel policy enhance

the user experience while helping ensuring security.

DART:

iPhone logs:

Jabber logs: