Guest

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client for Mobile Platforms Data Sheet

  • Viewing Options

  • PDF (424.1 KB)
  • Feedback

Product Overview

The Cisco AnyConnect® Secure Mobility Client for Mobile Platforms enables enterprises to enhance employee productivity by securing their employees’ smartphones and tablets. The client is available for Apple iOS and Android 4.0 and later (Ice Cream Sandwich and Jelly Bean) operating systems, as well as a growing number of Android devices from HTC, Lenovo, Motorola, and Samsung. The client may also be used on Android platforms where root access is available.

The Cisco AnyConnect Secure Mobility Client for Mobile Platforms provides reliable and easy-to-deploy encrypted network connectivity from smartphones and tablets by delivering persistent corporate access for employees on the go. Whether an employee is accessing business email, a virtual desktop session, or other enterprise applications, the Cisco AnyConnect client offers an easy-to-use interface to business-critical information. The client uses Datagram Transport Layer Security (DTLS) and Transmission Control Protocol (TCP) to provide business-critical applications, including latency-sensitive applications such as voice-over-IP (VoIP), with encrypted access to corporate resources.

Figure 1 shows a sample Cisco AnyConnect VPN configuration on Apple iOS.

Figure 1.      Cisco AnyConnect Icon and Sample VPN Configuration on Apple iOS

Figure 2 shows a sample Cisco AnyConnect VPN configuration on Google Android.

Figure 2.      Cisco AnyConnect Icon and Sample VPN Configuration on Google Android

Features and Benefits

Table 1 lists the features and benefits of the Cisco AnyConnect Secure Mobility Client for Mobile Platforms.

Table 1.       Features and Benefits

Feature

Benefit

Compatibility

Apple iOS: Apple iPhone® 3G, 3GS, 4, 4S, and 5; Apple iPod touch® (second, third, and fourth generations); and Apple iPad, iPad2, the iPad HD, and the iPad mini

Google Android: tuntap (tun.ko) support is required

  Generic Android VPN Framework (4.0+/Ice Cream Sandwich and Jelly Bean)
  HTC: For the latest list of supported devices, see: http://www.htcpro.com/enterprise/VPN
  Lenovo
  Motorola
  Samsung
  Generic Google Android with root privileges (2.3+/Gingerbread, Honeycomb, ICS, and Jelly Bean) [1]
   Please note that additional supported devices are frequently added.
   For a current list of supported Android devices, please see the AnyConnect for Android Release Notes or the Google Play description for the appropriate image. Certain platform restrictions apply, including requirements for minimum device software versions.
   Certain features may not be available on all platforms due to OS restrictions. Please read the Release Notes for specific feature availability details.

Software Access

Available on application marketplaces:

  Apple: iTunes App Store SM: Apple iOS 4.1+ devices
  Google Play: Multiple Cisco AnyConnect images are available. It is important to select the correct image for your device.

Optimized Network Access

  Automatically adapts its tunneling to the most efficient method possible based on network constraints
  Uses DTLS to provide an optimized connection for TCP-based application access and latency-sensitive traffic, such as VoIP traffic
  Uses TLS (HTTP over TLS/SSL) to ensure availability of network connectivity through locked-down environments
  IPsec/IKEv2 provides an optimized connection for latency-sensitive traffic when security policies require use of IPsec (new in Cisco AnyConnect 3.0 for Mobile Platforms)
  Compatible with Cisco ASA VPN load balancing

Mobility-Friendly

  Resumes seamlessly after IP address change, loss of connectivity, or device standby
  Trusted Network Detection (TND) pauses or disconnects VPN sessions when connected to corporate trusted networks
   Due to platforms limitations, TND is not available for generic Android or Apple iOS.

Battery-Friendly

  Compatible with Apple iOS device sleep operation

Encryption

  Supports strong encryption, including AES-256 and 3DES-168 (The security gateway device must have a strong-crypto license enabled.)
  Next-generation encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (SHA-256 & SHA-384). (Only available for IPsec IKEv2 connections. A Premium ASA license is required.)

Authentication Options

  RADIUS
  RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
  RADIUS one-time password (OTP) support (state/reply message attributes)
  RSA SecurID
  Active Directory/Kerberos
  Digital certificate (compatible with Cisco AnyConnect integrated SCEP for credential deployment)
  Generic Lightweight Directory Access Protocol (LDAP) support
  LDAP with Password Expiry and Aging
  Combined certificate and username/password multifactor authentication (double authentication)

Consistent User Experience

  Full-tunnel client mode supports remote-access users requiring a consistent LAN-like user experience

Centralized Policy Control and Management

  Policies can be preconfigured or configured locally, and can be automatically updated from the VPN security gateway
  Universal Resource Indicator (URI) handler for Cisco AnyConnect eases deployments through URLs embedded in webpages or applications
  Certificates can be viewed and managed locally

Advanced IP Network Connectivity

  Administrator-controlled split- or all-tunneling network access policy
  Access control policy

IP address assignment mechanisms:

  Static
  Internal pool
  Dynamic Host Configuration Protocol (DHCP)
  RADIUS/LDAP

Localization

In addition to English, the following language translations are included:

  Canadian French (fr-ca)
  Czech (cs-cz)
  German (de-de)
  Japanese (ja-jp)
  Korean (ko-kr)
  Latin American Spanish (es-co)
  Polish (pl-pl)
  Simplified Chinese (zh-cn)

Diagnostics

  On-device statistics and logging information
  View logs on device
  Logs can be easily emailed to Cisco or an administrator for analysis

Platform Compatibility

The Cisco AnyConnect Secure Mobility Client is compatible with all Cisco ASA 5500 Series Adaptive Security Appliance models running Cisco ASA Software Release 8.0(4) and later.

Additional compatibility information may be found at http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html.

Cisco AnyConnect Secure Mobility Client Licensing Options

Table 2 lists licensing options for the Cisco AnyConnect Secure Mobility Client.

Table 2.       Cisco AnyConnect Secure Mobility Client Licensing Options

License Requirements
(each license below is required)

Description

Cisco ASA Platform License

Cisco AnyConnect Essentials[2] (P/N: (L-ASA-AC-E-55**=) 5, 10, 20, 40, 50, 80, 85)

  Highly secure remote-access connectivity
  Single license per ASA device model (not a per-user license); enables maximum simultaneous users on platform
  Full-tunneling access to enterprise applications

Cisco AnyConnect Premium[3](P/N: (L-ASA-SSL-***=) 10, 25, 50, 100, 250, 500, 1000, 2500, 5000, 10,000)

  Also provides support for clientless SSL VPN and capabilities available on desktop Cisco AnyConnect platforms, including Cisco HostScan and Always-On VPN connectivity
  License is based on number of simultaneous users and is available as a single device or shared license

Cisco AnyConnect Mobile License5

P/N: (L-ASA-AC-M-55*=)
5, 10, 20, 40, 50, 80, 85

  Enables mobile OS platform compatibility
  Required (single license) per security gateway device, in addition to Essentials or Premium licenses
  No per-user license required

Electronic License Delivery

Most licenses are available for electronic delivery; this significantly speeds up license fulfillment time. To order a license electronically, be sure to order part number(s) that begin with "L-." If you have any questions regarding licensing or would like evaluation licenses, please contact ac-mobile-license-request (AT) cisco.com and include a copy of the results of the “show version” command from your Cisco ASA appliance.

If you already have an Essentials or Premium ASA license, you may use the automated license request tool at https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?FormId=717.

Warranty Information

Find warranty information at the Cisco Product Warranties page.

Ordering Information

To place an order for a security gateway license, visit the Cisco Ordering Home Page. See Table 1 for compatible platforms and software access information.

Security gateway licenses are required to enable connectivity. Please refer to the Cisco AnyConnect Licensing Options section for additional information on the available options. For a list of available licensing options that enable connectivity with the Cisco AnyConnect Secure Mobility Client, please refer to the Cisco AnyConnect Secure Mobility Client Features, Licenses, and OSs webpage.

Acknowledgements

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.

This product includes cryptographic software written by Eric Young.

This product includes software written by Tim Hudson.

This product incorporates the libcurl HTTP library: Copyright © 1996-2006, Daniel Stenberg.

For More Information

Cisco AnyConnect Secure Mobility Client homepage:
http://www.cisco.com/go/anyconnect.

Cisco AnyConnect documentation: http://www.cisco.com/en/US/products/ps8411/tsd_products_support_series_home.html.

Cisco ASA 5500 Series Adaptive Security Appliances:
http://www.cisco.com/go/asa.

Cisco ASA 5500 Series Adaptive Security Appliance Licensing Information:
http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html.

Cisco AnyConnect License Agreement and Privacy Policy: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/eula-seula-privacy/AnyConnect_Supplemental_End_User_License_Agreement.htm.

 

 

 



[1] Requires root access, tuntap, and iptables. Root access is not available by default in Android without modification of the OS.
[2] Replace ** with the appropriate last two digits of the ASA model number.
[3] Replace *** with the number of total number of license seats.