AnyConnect Mobile Platforms and Feature Guide - Cisco
Revised: February 6, 2020

AnyConnect Mobile Platforms and Features

Android Supported Devices

Full support for Cisco AnyConnect on Android is provided on devices running Android 4.0 (Ice Cream Sandwich) through the latest release of Android.

Cisco AnyConnect on Kindle is available from Amazon for the Kindle Fire HD devices, and the New Kindle Fire. AnyConnect for Kindle is equivalent in functionality to the AnyConnect for Android package.

Per App VPN is supported in managed and unmanaged environments. In a managed environment using Samsung KNOX MDM, Samsung devices running Android 4.3 or later with Samsung Knox 2.0, are required. When using Per App in an unmanaged environment, the generic Android methods are used.

For the Network Visibility Module (NVM) capabilities, Samsung devices that are running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later, are required. For configuration of NVM, the AnyConnect Profile Editor from AnyConnect 4.4.3 or later is also required. Earlier releases do not support mobile NVM configurations.

Apple iOS Devices Supported

Cisco AnyConnect 4.0.07x and later is the latest and recommended version available on all iPhones, iPads, and iPod Touch devices running Apple iOS 10.3 and later.

If a device does not support Apple iOS 10.3 or later, only Legacy AnyConnect 4.0.05x, available on all iPhones, iPads, and iPod Touch devices running Apple iOS 6.0 and later, can be used. Per App tunneling in Legacy AnyConnect requires Apple iOS 8.3 or later.

Note: AnyConnect on the iPod Touch appears and operates as on the iPhone.

BlackBerry Supported Devices

Full support for Cisco AnyConnect on BlackBerry is provided on devices running BlackBerry OS 10.3.2 and later. For the best AnyConnect experience, Cisco strongly recommends you upgrade your device to 10.3.2.

See BlackBerry User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures.
Google Chrome OS Supported Devices

Cisco AnyConnect on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45 (currently available on the Google Chrome Dev channel). AnyConnect on Google Chromebook cannot be used from a standalone Chrome browser on another platform.

Many new Chromebooks are capable of supporting Android applications. While the Cisco AnyConnect on Android application can run on a Chromebook with this support, the OS only tunnels Android applications when using Android AnyConnect. At this time, we recommend only using the Chrome version of AnyConnect on Chromebooks. It is our expectation that this will change in the future when the Android application becomes the primary version for these Chromebooks, but this is not the case today.
See Google Chrome OS User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures.

Windows Phone Supported Devices

Windows 10 Mobile Support

AnyConnect on Windows Mobile or Windows Phone is supported on mobile devices that run Microsoft Windows 10 Mobile. Windows 10 Mobile is not intended for non-mobile Windows 10 devices. Cisco has a fully featured version of AnyConnect available for non-mobile devices, which is not distributed in the Windows store.

Windows Phone 8.1 Support

Note: Effective December 31 2017, Cisco will no longer provide AnyConnect for Windows Phone 8.1 for new downloads in the Windows App Store. Microsoft has previously announced End of Support for this operating system https://support.microsoft.com/en-us/help/4001737/products-reaching-end-of-support-for-2017.

Till December 31, 2017 AnyConnect is also supported on mobile devices that run Microsoft Windows Phone 8.1 Update which includes the following versions: 8.10.14141.167, 8.10.14147.180, 8.10.14157.200, 8.10.14176.243, 8.10.14192.280, 8.10.14203.206, 8.10.14219.341, or 8.10.14226.359. The OS on the phone must be one of the listed versions in order for AnyConnect to work properly. Users can verify their OS version at Settings > About > More Information on their device. For more OS version information see Microsoft's Windows Phone 8.1 update history.

Note: Earlier versions of Windows Phone 8.1 will allow AnyConnect installation, but it will not operate or be available to configure under Settings > VPN > AddProfile > Type.

See Windows Phone User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.1.x for installation and upgrade procedures.

AnyConnect Mobile Platforms Feature Matrix

| Category: Feature | Android VPN | Apple iOS | BlackBerry | Chrome | Windows Phone |
| Deployment and Configuration: | | | | | |
| Install or upgrade from application store. | Yes | Yes | Yes | Yes | Yes |
| Cisco VPN Profile support (manual import) | Yes | Yes | No | Yes | No |
| Cisco VPN Profile support (import on connect) | Yes | Yes | Yes, new profile overwrites existing one. | Yes | No |
| MDM configured connection entries | Yes | Yes | Yes, using BDS, new profile overwrites existing one. | Yes | Yes |
| User-configured connection entries | Yes | Yes | Yes | Yes | Yes |
| Tunneling: | | | | | |
| TLS | Yes | Yes | Yes | Yes | Yes |
| Datagram TLS (DTLS) | Yes | Yes | Yes | Yes | No |
| IPsec IKEv2 NAT-T | Yes | Yes | Yes, must be enabled and configured on the device by the user. Only EAP authentication is supported. | Yes | No |
| IKEv2 - raw ESP | Yes | No | No | No | No |
| Suite B (IPsec only) | Yes | Yes | Yes | No | No |
| TLS compression | Yes | Yes, 32-bit devices only | Yes | No | No |
| Dead peer detection | Yes | Yes | Yes, disabled by default. If no response is received to three DPD packets in a row, the device closes the tunnel or the ASA suspends the tunnel until DPD exchange is re-established. | Yes | No |
| Tunnel keepalive | Yes | Yes | Yes, disabled by default. | Yes | No |
| Multiple active network interfaces | No | No | No | No | No |
| Per App Tunneling | Yes, Android 5.0+ or Samsung Knox | Yes, requires Cisco AnyConnect 4.0.09xxx and iOS 10.3 or later. | No | No | No |
| Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). | Yes | Yes | Yes | Yes | Yes |
| Split tunnel (split include). | Yes | Yes | Yes | Yes | Yes |
| Local LAN (split exclude). | No | Yes | No | Yes | No, defect in Windows Phone 8.1. |
| Split-DNS | Yes, works with split include. | Yes | Yes, Until BlackBerry supports more than 2 DNS servers, the Admin can configure only one private DNS server on the ASA end. | No | Yes |
| Auto Reconnect / Network Roaming | Yes, regardless of the Auto Reconnect profile specification, AnyConnect Mobile always attempts to maintain the VPN as users move between 3G and WiFi networks. | Yes | Yes, BBRY OS feature. When enabled the VPN connection is automatically established. This may require the user to re-enter credentials. | Yes, requires Chrome OS 51 or later and Cisco AnyConnect 4.0.0113 or later. | Yes, if user remains on the same network and the network connection has not terminated. |
| VPN on-demand (triggered by destination) | No | Yes, compatible with Apple iOS Connect on Demand. | No | No | Yes |
| VPN on-demand (triggered by application) | No | Yes, when operating in Per App VPN mode only. | No | No | No |
| Rekey | Yes | Yes | Yes, for TLS and DTLS inline (same socket) and new-tunnels (new socket). | Yes | Yes, initiated by gateway only. |
| IPv4 public transport | Yes | Yes | Yes | Yes | Yes |
| IPv6 public transport | Yes, requires Android 5.0 or later. | Yes | No | No | Yes |
| IPv4 over IPv4 tunnel | Yes | Yes | Yes | Yes | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | No | No | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | No | No | Yes |
| IPv6 over IPv6 tunnel | Yes | Yes | No | No | Yes |
| Default domain | Yes | Yes | Yes | Yes | Yes |
| DNS server configuration | Yes | Yes | Yes, max of 2 | Yes | Yes |
| Private-side proxy support | No, WiFi proxies are disabled when the VPN is established. | Yes | Yes, for URL, HTTP and HTTPS. These take precedence of other proxy setting pushed to the device. FTP and Auto proxy not supported. | Yes, using ASA configured proxy PAC URL | Yes, limited support in Windows Phone 8.1. |
| Proxy Exceptions | No | Yes, but wildcard specifications not supported | No | No | No |
| Public-side proxy support | No | No | No | No | No |
| Pre-login banner | Yes | Yes | Yes, if BlackBerry's Auto-Connect is enabled. A banner is shown only once for the session. If BDS pushes credentials to the device, banners may not be shown. | Yes | Yes |
| Post-login banner | Yes | Yes | Yes | Yes | Yes |
| DSCP Preservation | Yes | No | No | No | No |
| Connecting and Disconnecting: | | | | | |
| VPN load balancing | Yes | Yes | Yes | Yes | Yes |
| Backup server list | Yes | Yes | Yes | Yes | No |
| Optimal Gateway Selection | No | No | No | No | No |
| Authentication: | | | | | |
| Touch ID | No | No | No | No | No |
| SAML 2.0 | Yes | Yes | No | Yes | No |
| Client Certificate Authentication | Yes | Yes | Yes | Yes | Yes |
| Online Certificate Status Protocol (OCSP) | Yes | No | No | No | No |
| Manual user certificate management | Yes | Yes | Yes, using BBRY device capabilities. | Yes, using Chrome device capabilities | Yes, using Windows Phone capabilities. |
| Manual server certificate management | Yes | Yes | Yes, using BBRY device capabilities. | Yes | Yes |
| SCEP legacy enrollment. Please confirm for your platform. | Yes | Yes | Yes, if enabled, these obtained certificates override BDS pushed certificates. BDS may disable this feature. | No | No |
| SCEP proxy enrollment. Please confirm for your platform. | Yes | Yes | Yes | No | No |
| Automatic certificate selection | Yes | Yes | No | No | Yes |
| Manual certificate selection | Yes | Yes | Yes | Yes | No |
| Smart card support | No | No | No | No | No |
| Username and password | Yes | Yes | Yes, also pushed in BDS VPN Profile. | Yes | Yes |
| Tokens/challenge | Yes | Yes | Yes | Yes | Yes |
| Double authentication | Yes | Yes | Yes | Yes | Yes |
| Group URL (specified in server address) | Yes | Yes | Yes | Yes | Yes |
| Group selection (drop-down selection) | Yes | Yes | Yes | Yes | Yes |
| Credential prefill from user certificate | Yes | Yes | Yes, AnyConnect or BDS | Yes | Yes |
| Save password | No | No | Yes, by BDS, AnyConnect does not save passwords. | No | No |
| User interface: | | | | | |
| Standalone GUI | Yes | Yes | No | Yes, limited functions. | Yes, limited functions. |
| Native OS GUI | No | Yes, limited functions | Yes | Yes, limited functions. | Yes |
| API / URI Handler (see below) | Yes | Yes | No | No | No |
| UI customization | No | No | Yes | No | No |
| UI localization | Yes, app contains pre-packaged languages. | Yes, app contains pre-packaged languages. | No | No | No |
| User preferences | Yes | Yes | No | Yes | Partial |
| Home screen widgets for one-click VPN access | Yes | No | No | No | No |
| AnyConnect specific status icon | Optional | No | No | No | No |
| Mobile Posture: (AnyConnect Identity Extensions, ACIDex) | | | | | |
| Serial number or unique ID check | Yes | Yes | No | No | No |
| OS and AnyConnect version shared with headend | Yes | Yes | Yes | Yes | Yes |
| AnyConnect NVM support | Yes, with specific Samsung Knox and MDM requirements. | No | No | No | No |
| URI Handling: | | | | | |
| Add connection entry | Yes | Yes | No | No | No |
| Connect to a VPN | Yes | Yes | No | No | No |
| Credential pre-fill on connect | Yes | Yes | No | No | No |
| Disconnect VPN | Yes | Yes | No | No | No |
| Import certificate | Yes | Yes | No | No | No |
| Import localization data | Yes | Yes | No | No | No |
| Import XML client profile | Yes | Yes | No | No | No |
| External (user) control of URI commands | Yes | Yes | No | No | No |
| Reporting and Troubleshooting: | | | | | |
| Statistics | Yes | Yes | Yes | Yes | No |
| Logging / Diagnostic Information (DART) | Yes | Yes | Yes | Yes | Yes, Field Medic app required. |
| Certifications: | | | | | |
| FIPS 140-2 Level 1 | Yes | Yes | No | No | No |

AnyConnect Mobile Related Documentation

For more information refer to the following documentation:
• AnyConnect Release Notes
• AnyConnect Administrator Guides
• Navigating the Cisco ASA Series Documentation

Additional information on using VPN connections with Apple iOS devices is available from Apple:
• https://developer.apple.com/library/ios/search/?q=vpn+server+configuration
• http://support.apple.com/kb/ht1424
Americas Headquarters: Cisco Systems, Inc., San Jose, CA 95134-1706, USA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.