+1 on AnyConnect. L2TP/IPSec are lower layer protocols, and I wouldn't bet on them supported natively on mobile devices indefinitely if the vendors want to push the platform forward. I presume Apple partnered with Cisco and built it into iOS at v1 so it would be a commercial success, but five years on there are better ways to do VPN. It is probably both technically and politically cumbersome for both vendors to get bug fixes and updates for IPsec client rolled together with OS updates. With the upper layer SSL stuff Apple and Cisco are free of each other. Cisco now updates AnyConnect for whatever reason they wish at a rate of about every 2-3 months from what I've seen. That's a good thing. Separating the OS from everything that can be an app just makes sense for everyone concerned rather than doing things at lower layers that could be done at higher layers because it was done that way in the past or free. I'd guess Apple will pull the Cisco IPsec client from iOS soon. Perhaps v7? AnyConnect is cheap and easy to setup, and those who don't wish to use anything else aren't entitled to dictate OS development. I could be totally wrong here, but that's how it seems to me.
On Android its a different matter, at least last I checked. AnyConnect was only supported without rooting on a few Samsung Galaxy models, so I don't know how that will end up. If Google takes the same attitude as the Linux community on backwards compatibility and IPsec never dies it will hurt the platform, but if the platform is fragmented such that vendors can't support SSL VPN on it widely I'm not sure what the alternative is. So on Android is isn't as happy a story, but I doubt it is Cisco's fault. Just one of the many unknowns about that platform. On Fri, Jul 13, 2012 at 11:41 AM, Scott Smith <ssm...@siu.edu> wrote: > We've also standardized on the l2tp on ASA's as it's free & works with > native OS's. > > Yup....it's a Droid !!! > On Jul 13, 2012 9:28 AM, "David Blahut" <dabla...@vassar.edu> wrote: > >> I had to add the AnyConnect for Mobile license to our ASA to get the >> client to work on idevices and Androids. Do a sh ver and see if it is >> enabled. >> >> On the plus side the price was reasonable. >> >> -d >> >> On Thu, Jul 12, 2012 at 2:19 PM, Julian Y Koh >> <kohs...@northwestern.edu>wrote: >> >>> On Jul 12, 2012, at 13:12 , Curtis K. Larsen wrote: >>> > >>> > Curious to know what others are doing for Cisco VPN Access from their >>> Android Devices: >>> >>> With the ASAs, we were able to get L2TP/IPSec working from Android >>> devices that support it. I can't remember exactly which version of Android >>> started using that offhand. >>> >>> >>> -- >>> Julian Y. Koh >>> Manager, Network Transport, Telecommunications and Network Services >>> Northwestern University Information Technology (NUIT) >>> 2001 Sheridan Road #G-166 >>> Evanston, IL 60208 >>> 847-467-5780 >>> NUIT Web Site: <http://www.it.northwestern.edu/> >>> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> >>> >>> >>> >>> >>> ********** >>> Participation and subscription information for this EDUCAUSE Constituent >>> Group discussion list can be found at http://www.educause.edu/groups/. >>> >>> >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> >> ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
