Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client for Mobile Platforms Data Sheet

  • Viewing Options

  • PDF (282.8 KB)
  • Feedback
Ready to Upgrade Your Firewall?

Get tested and validated design details for fast and reliable deployment in the Technology Design Guide. Also, save up to 15% when you upgrade your old firewall.

The Cisco AnyConnect® Secure Mobility Client for Mobile Platforms provides reliable and easy-to-deploy encrypted network connectivity from smartphones and tablets along with persistent corporate access for employees on the go.

Product Overview

You can now safeguard employee smartphones and tablets with the Cisco AnyConnect Secure Mobility Client for Mobile Platforms, available for Apple iOS, Android, Windows Phone 8.1, BlackBerry 10.3.2 and later, select Amazon Kindle and Fire Phone devices, and Google Chrome OS (early preview version).

Whether an employee is accessing business email, a virtual desktop session, or other enterprise applications, the AnyConnect client is an easy-to-use interface for business-critical information. The client uses Datagram Transport Layer Security (DTLS), IP Security Internet Key Exchange version 2 (IPsec IKEv2), and TLS (HTTP over TLS/SSL) to provide business-critical applications, including latency-sensitive applications such as voice over IP (VoIP), with encrypted access to corporate resources. AnyConnect 4.x supports per-app VPN functions for iOS 8.3 and later.

Figure 1 shows a sample AnyConnect user interface on Apple iOS and Android devices.

Figure 1.      User Interface on Apple iOS and Android Devices

Features and Benefits

Table 1 lists the features and benefits of the AnyConnect Secure Mobility Client for Mobile Platforms. Feature availability varies by platform. Please see the platform release notes and documentation for specific supported feature details for a particular operating system.

Table 1.       Features and Benefits



Software access and compatibility

Available on application marketplaces

  Apple App Store: for Apple iOS 6.0 and later
  Google Play: for Android 4.0 and later
Note that there are multiple AnyConnect images available, so it is important that you select the correct image for your device. See the Android release notes for specific requirements.
  Windows Store: for Windows Phone 8.1 Update 1 and later
  BlackBerry App World: for BlackBerry 10.3.2 and later
  Google Chrome OS: for Chrome OS 43 and later (early preview)
  Amazon Appstore: for select Kindle and Fire Phone devices

Optimized network access

  Automatically adapts its tunneling to the most efficient method possible based on network constraints
  Uses DTLS to provide an optimized connection for TCP-based application access and latency-sensitive traffic, such as VoIP traffic
  Uses TLS (HTTP over TLS/SSL) to help ensure availability of network connectivity through locked-down environments
  IPsec IKEv2 provides an optimized connection for latency-sensitive traffic when security policies require the use of IPsec (requires Cisco Adaptive Security Appliance 8.4 or later)
  Compatible with ASA VPN load balancing

Mobility friendly

  Resumes transparently after IP address change, loss of connectivity, or device standby

Battery friendly

  Compatible with device sleep operation


  Supports strong encryption, including AES-256 and 3DES-168. (The security gateway device must have a strong-crypto license enabled.)
  Next-generation encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (SHA-256 and SHA-384). Available only for IPsec IKEv2 connections. An AnyConnect Apex license is required.

Authentication options

  RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
  RADIUS onetime password (OTP) support (state and reply message attributes)
  RSA SecurID
  Active Directory or Kerberos
  Digital certificate (compatible with AnyConnect integrated Simple Certificate Enrollment Protocol, or SCEP, for credential deployment)
  Generic Lightweight Directory Access Protocol (LDAP) support
  LDAP with password expiry and aging
  Combined certificate and username-password multifactor authentication (double authentication)

Consistent user experience

  Full-tunnel client mode supports remote-access users requiring a consistent LAN-like user experience

Centralized policy control and management

  Policies can be preconfigured or configured locally and can be automatically updated from the VPN security gateway
  Universal Resource Indicator (URI) handler for AnyConnect eases deployments through URLs embedded in webpages or applications
  Certificates can be viewed and managed locally

Advanced IP network connectivity

  Administrator-controlled split- or all-tunneling network access policy
  Per-app VPN policy for iOS 8.3 and later (requires Cisco ASA 5500-X with OS 9.3.2 or later and AnyConnect Plus or Apex license)
  Access control policy

IP address assignment mechanisms:

  Internal pool
  Dynamic Host Configuration Protocol (DHCP)


In addition to English, the following language translations are included:

  Canadian French (fr-ca)
  Czech (cs-cz)
  German (de-de)
  Japanese (ja-jp)
  Korean (ko-kr)
  Latin American Spanish (es-co)
  Polish (pl-pl)
  Simplified Chinese (zh-cn)


  On-device statistics and logging information are available.
  Logs can be viewed on device.
  Logs can be easily emailed to Cisco or an administrator for analysis.

Platform Compatibility

The AnyConnect Secure Mobility Client is compatible with all Cisco ASA 5500-X Series Next-Generation Firewalls and Cisco 5500 Series Enterprise Firewall Edition models running ASA Software Release 8.0(4) or later. Use of current ASA software releases is advised.

Certain features require later ASA Software releases or ASA 5500-X models.

Cisco supports AnyConnect VPN access to Cisco IOS® Release 15.1(2)T or later functioning as the highly secure gateway with certain feature limitations. Please see Features Not Supported on the Cisco IOS SSL VPN for details. Refer to for additional Cisco IOS Software feature support information.

Additional compatibility information may be found at

Licensing Options and Ordering Information

The AnyConnect Ordering Guide covers licensing and ordering information for AnyConnect, clientless SSL VPN, and third-party IKEv2 remote-access VPN usage. AnyConnect Plus or Apex licenses are required for full platform and feature support. Customers with existing Essentials or Premium and Mobile licenses are permitted to use the iOS and Android versions (excluding per-app VPN functions) until April 30, 2016. All other mobile platforms require Plus or Apex licenses. AnyConnect VPN connectivity to non-Cisco headend equipment is never permitted. For more information, see the ordering guide at

Cisco Capital

Financing to Help You Achieve Your Objectives

Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.

For More Information

   Cisco AnyConnect Secure Mobility Client homepage:

   Cisco AnyConnect documentation:

   Cisco ASA 5500-X Series Next-Generation Firewalls:

   Cisco AnyConnect License Agreement and Privacy Policy:


This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.

This product includes cryptographic software written by Eric Young.

This product includes software written by Tim Hudson.

This product incorporates the libcurl HTTP library: Copyright 1996-2006, Daniel Stenberg.