the following to establish VPN connectivity:
An address to a secure gateway for access to your network.
This address is configured in a connection entry. Connection entries are listed on the
AnyConnect home screen. The active connection entry is identified in the
AnyConnect VPN panel on the app's home screen. VPN connection entries are
configured on your device automatically or
information to successfully complete your connection.
This will be in the form of a username and password you must
remember, or it will be contained in a digital certificate that has been
configured on your device. For some VPN connections, both authentication
methods may be required. Digital certificates are configured on your device
automatically or manually.
Configure your AnyConnect client as directed by your administrator.
Your administrator provides you with procedures to automate the configuration
of connection entries and digital certificates, or appropriate information to
manually configure these entities. Contact your administrator if you do not
have clear instructions.
A connection entry
specifies a secure gateway that provides access to your private network, as
well as other connection attributes.
entries are configured on your device automatically or manually in the
By clicking on a link
provided by your administrator to configure a connection entry.
The link may
be included in an e-mail or published on a web page. The application preference
External Control must be set to either
Enable to allow this on your device. See
Controlling External Use of AnyConnect
You must know
the address of the secure gateway to your network. The address is the domain
name or the IP address of the secure gateway and it may also specify a group
that you belong to. Other connection attributes can also be configured. See
Adding Connection Entries Manually.
Adding Connection Entries Manually
Add a VPN connection entry to identify the VPN secure gateway to which you want to connect.
From the AnyConnect home window, tap Add new VPN Connection to open the Connection Editor.
Cancel out of the Connection Editor window at any time.
(Optional) Choose Description to enter a descriptive name for the connection entry.
Enter a unique name for this connection entry. If not specified, the Server Address is used as the default. Use any letters, spaces, numbers, or symbols on the keyboard display. This field is case-sensitive.
Choose Server Address to enter the address of the secure gateway.
Enter the domain name or IP address of the secure gateway, including a group if specified by your administrator.
(Optional) Tap Advanced Preferences to change advanced certificate and protocol settings.
Cancel out of the Advanced Connection Editor window at any time.
(Optional) Tap Certificate to specify how user certificates are used for this connection.
Tap Disabled to specify that certificates will not be used for this connection.
Tap Automatic to specify that a certificate will be used to establish a connection only if it is required by the secure gateway.
Tap the certificate that your administrator instructs you to use.
Your administrator will provide you with instructions for installing a user certificate on your mobile device if one is necessary to establish a VPN session. Tap any certificate in the list to view its details.
(Optional) Tap Connect with IPsec to use IPsec instead of SSL for this VPN connection.
This connection attribute is provided to you by your administrator.
The Authentication parameter becomes active if you choose IPsec for your VPN connection protocol.
(Optional) Tap Authentication and choose the authentication method for this IPsec connection.
This connection attribute is provided to you by your administrator.
EAP-AnyConnect (default authentication option)
Your authentication option is shown in the Advanced Connection Editor window.
(Optional) If you have specified EAP-GTC, EAP-MD5, or EAP-MSCHAPv2 to be used for authentication, tap IKE Identity to enter the identity information given to you by your administrator.
Tap Done in both the Advanced Connection Editor window and the Connection Editor window to save the connection values.
AnyConnect adds the new connection entry to the list in the home window.
Modifying a Connection Entry
Change a VPN connection entry to correct a configuration error or comply with an IT policy change.
You cannot modify the description or server address of connection entries downloaded from a secure gateway.
From the AnyConnect home window, long-press the VPN connection entry to be modified.
AnyConnect displays the Select Action window.
Tap Edit connection.
The Connection Editor window displays the parameter values assigned to the connection entry.
Tap the value to be modified, use the on-screen keyboard to enter the new value, and tap OK.
AnyConnect saves the modified connection entry and reopens the AnyConnect home window.
This procedure deletes a manually configured VPN connection entry. The
only way to remove a connection entry imported from a VPN secure gateway is to
remove the downloaded AnyConnect profile that contains the connection entries.
From the AnyConnect home window, long-press the
connection entry to display the
About User Certificates
In order for you, the AnyConnect user, to authenticate to the secure gateway using a digital certificate, you need a user certificate in the AnyConnect certificate store on your device. User certificates are imported using one of the following methods, as directed by your administrator:
Imported automatically after clicking a hyperlink provided by your administrator in an e-mail or on a web page.
Imported manually by you from the device's file system, from the device's credential storage, or from a network server.
Imported when connecting to a secure gateway that has been configured by your administrator to provide you with a certificate.
Once imported, the certificate can be associated with a particular connection entry or selected automatically during connection establishment to authenticate.
You can delete user certificates from the AnyConnect store if they are no longer needed for authentication.
The following explains all possible options for manually importing a user certificate to the AnyConnect store for VPN authentication purposes.
Before You Begin
Obtain the specific certificate import procedures from your administrator.
From the AnyConnect home window, tap Menu > Diagnostics > Certificate Management.
Tap the User tab.
Tap Import to import a certificate.
Select your import source:
Tap File System to import a certificate file from the local file system.
Tap Network Location (URI) to import a certificate from a server on the network.
Tap Device Credential Storage to link to a certificate currently in the Device Credential Storage.
The source certificate is not actually copied into the AnyConnect certificate store. If the certificate is removed from Credential Storage, the link to the certificate will also be removed.
This option is available only on devices running Android 4.0 (Ice Cream Sandwich) or later.
When attempting to import a certificate from the Device Credential Storage on Android 4.1 (Jelly Bean), the client shows the error message "This feature is not supported on this version of Android". Import the certificate directly into the AnyConnect store instead of using the Android native store.