First published on TechNet on Apr 17, 2018
We recently shared that Intune will now support Cisco AnyConnect 4.0.7 and higher for iOS. In this post, we provide more information on the process of switching from Cisco Legacy AnyConnect (4.0.5 and earlier) to the new AnyConnect app and also document one known issue related to NAC.
What’s New?
If you were unaware, last year Cisco announced that they had created a new Cisco AnyConnect client for iOS built on a new framework. Version 4.0.7 would use the new framework, and Cisco AnyConnect versions 4.0.5 and earlier would be renamed Cisco Legacy AnyConnect. Support for the newer Cisco AnyConnect client has been added to Intune, while support for the legacy client will remain. Support for the newer AnyConnect client has also been added to Configuration Manager for hybrid mobile device management (MDM) as a pre-release feature.
This does not impact Android, Android enterprise (formerly Android for Work), or macOS VPN profiles in any way for Intune standalone. Note that in hybrid, since iOS and macOS share an experience in the VPN profile wizard, you will need to use the "Cisco Legacy AnyConnect" with macOS.
Switching from the Legacy AnyConnect Client to the new one
First off, existing iOS Cisco AnyConnect VPN profiles will be labeled Cisco Legacy AnyConnect and will continue to work with Cisco AnyConnect 4.0.5x and earlier as they do today. New VPN profiles created for Cisco AnyConnect for iOS will work with Cisco AnyConnect 4.0.7x and higher.
You need to create a new iOS Cisco AnyConnect VPN profile to support the new app because the new Cisco AnyConnect app and Cisco Legacy AnyConnect app are separate apps. If you are managing the AnyConnect client in your environment, you need to deploy the new Cisco AnyConnect app as well. To complete an upgrade, you also need to delete your Cisco Legacy AnyConnect VPN profile and remove the Cisco Legacy AnyConnect app.
Here's how you switch:
- Create a new VPN profile for iOS, using “Cisco AnyConnect” as the connection type.
- If you are using per-app VPN, be sure to associate the apps with this new profile.
- Add the new Cisco AnyConnect client from the iOS App Store and assign it to the desired groups.
- Assign the new Cisco AnyConnect profile to the same groups.
- Once you are certain the new client and profile have been deployed and are working with no issues, remember to un-assign and delete the Cisco Legacy AnyConnect profile.
- Remove the Cisco Legacy AnyConnect app from your environment.
Known Issue
Network access control (NAC) integration will not work for the new AnyConnect client in the initial release. We are working with Cisco to provide NAC integration in a future Intune release.
More information
Documentation has additional information at the links below:
Blog Updates
5/2/18 - Updated with the hybrid prerelease information and docs link.
