Cisco Legacy AnyConnect

This VPN connection type is supported on iOS devices (up to version 12.0), , Android, and Windows devices.

Cisco Legacy AnyConnect is a universal app that can be used with Samsung Knox or with any Android device. This app can be used for all VPN modes:

  • Per-app inside the Knox container
  • Per-app outside the Knox container
  • Per-container (Knox)
  • Per-device (Knox)
  • Per-device (Android)

Use the following guidelines to configure Cisco Legacy AnyConnect VPN.

Within these selections, you may make settings for:

Proxy - None (default)

Use the following guidelines to configure a Cisco Legacy AnyConnect VPN without a proxy.

Table 54.  Proxy - None settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.

  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select Cisco Legacy AnyConnect.

Samsung Knox

When selecting this option, a Samsung Knox license is required.

A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device.

This setting is ignored on non-Android devices.

Deploy inside Knox Workspace

Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data.

This option is available only if you select the Samsung Knox option.

See:

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

  • $USERID$:$EMAIL$

  • $USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the user authentication to use:

  • Password - see next row for information.

  • Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Group Name

Specify the name of the group to use.

VPN On Demand

If the Samsung Knox and per-App VPN fields are both selected, then select this option to use VPN On Demand.

Per-App VPN

You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting.

You can enable per-app VPN for an app when you:

  • Add the app in the App Catalog.

  • Edit an in-house app or an App Store app in the App Catalog.

When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

See the Ivanti EPMM Apps@Work Guide for information about how to add or edit apps.

Provider Type

This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Proxy - Manual

If you select Manual, you must specify the proxy server, port number, and proxy domain information.

Table 55.  Proxy - Manual settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.

  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select Cisco Legacy AnyConnect.

Samsung Knox

When selecting this option, a Samsung Knox license is required.

A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device.

This setting is ignored on non-Android devices.

Deploy inside Knox Workspace

Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data.

This option is available only if you select the Samsung Knox option.

See:

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy Server

Enter the name for the proxy server.

Proxy Server Port

Enter the port number for the proxy server.

Type - Select Static or Variable for the type of authentication to be used for the proxy server.

Proxy Server User Name

If the authentication type is Static, enter the user name for the proxy server.

If the authentication type is Variable, the default variable selected is $USERID$.

Proxy Server Password

If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below.

If the authentication type is Variable, the default variable selected is $PASSWORD$.

Proxy Domains (iOS only)

This setting applies to iOS and macOS devices only.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

  • $USERID$:$EMAIL$

  • $USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the user authentication to use:

  • Password - see next row for information.

  • Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Group Name

Specify the name of the group to use.

VPN on Demand

If the Samsung Knox and per-App VPN fields are both selected, then select this option to use VPN On Demand.

Per-App VPN

Select Yes to create a per-app VPN setting.

You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting.

You can enable per-app VPN for an app when you:

  • Add the app in the App Catalog.

  • Edit an in-house app or an App Store app in the App Catalog.

When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

See the Ivanti EPMM Apps@Work Guide for information about how to add or edit iOS apps.

Provider Type

This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Proxy - Automatic

If you selected an Automatic proxy, you must specify the proxy server URL and proxy domain(s).

Table 56.  Proxy - Automatic settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.

  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select Cisco Legacy AnyConnect.

Samsung Knox

When selecting this option, a Samsung Knox license is required.

A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device.

This setting is ignored on non-Android devices.

Deploy inside Knox Workspace

Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data.

This option is available only if you select the Samsung Knox option.

See:

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy Server URL

Enter the URL for the proxy server.

Enter the URL of the location of the proxy auto-configuration file.

Proxy Domains (iOS only)

This setting applies to iOS and macOS devices only.

Username

Specify the user name to use (required.) The default value is $USERID$. Include at least one of the following variables:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

  • $USERID$:$EMAIL$

  • $USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

User Authentication

Select the user authentication to use:

  • Password - see next row for information.

  • Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Group Name

Specify the name of the group to use.

VPN On Demand

If the Samsung Knox and per-App VPN fields are both selected, then select this option to use VPN On Demand.

Per-App VPN

Select Yes to create a per-app VPN setting.

You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting.

You can enable per-app VPN for an app when you:

  • Add the app in the App Catalog.

  • Edit an in-house app or an App Store app in the App Catalog.

When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

See the Ivanti EPMM Apps@Work Guide for information about how to add or edit iOS apps.

Provider Type

This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Custom Data

Custom Data does not apply to Android devices.

  • Add+ - Click to add a new key / value pair.
  • Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.