Contents
- AnyConnect for BlackBerry Release Notes
- AnyConnect for Blackberry Mobile Devices
- BlackBerry Supported Devices
- Install or Upgrade AnyConnect on BlackBerry Devices
- New Features in AnyConnect 4.0.0.1833 for BlackBerry Mobile Devices
- New Features in AnyConnect 4.0.0.1830 for BlackBerry Mobile Devices
- New Features in AnyConnect 4.0.0.1827 for BlackBerry Mobile Devices
- New Features in AnyConnect 4.0.0.1826 for BlackBerry Mobile Devices
- New Features in AnyConnect 4.0.0.1823 for BlackBerry Mobile Devices
- BlackBerry AnyConnect Feature Matrix
- Adaptive Security Appliance Requirements
- Guidelines and Limitations for AnyConnect on BlackBerry
- Open Issues in AnyConnect for BlackBerry
- Resolved Issues in AnyConnect for BlackBerry
- Resolved Issues in AnyConnect 4.0.0.1827 for BlackBerry
- Resolved Issues in AnyConnect 4.0.0.1826 for BlackBerry
- AnyConnect Mobile Related Documentation
First Published:
Last Updated:
Text Part Number:
AnyConnect for BlackBerry Release Notes
AnyConnect for Blackberry Mobile Devices
The AnyConnect Secure Mobility Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series. It provides seamless and secure remote access to enterprise networks allowing installed applications to communicate as though connected directly to the enterprise network. AnyConnect supports connections to IPv4 resources over an IPv4 or IPv6 tunnel.
This document, written for system administrators of the AnyConnect Secure Mobility Client and the Adaptive Security Appliance (ASA) 5500, supplements the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.0 and provides release specific information for AnyConnect running on BlackBerry devices.
The AnyConnect app is available on BlackBerry World only. Cisco does not distribute AnyConnect mobile apps. Nor can you deploy the mobile app from the ASA. You can deploy other releases of AnyConnect for desktop devices from the ASA while supporting this mobile release.
AnyConnect Mobile Support Policy
Cisco supports the AnyConnect version that is currently available in the app store; however, fixes and enhancements are provided only in the most recently released version.
AnyConnect Licensing
To connect to the ASA headend an AnyConnect 4.x Plus or Apex license is required, trial licenses are available, see the Cisco AnyConnect Ordering Guide.
For the latest end-user license agreement, see Cisco End User License Agreement, AnyConnect Secure Mobility Client, Release 4.x.
For our open source licensing acknowledgments, see Open Source Software Used In Cisco AnyConnect Secure Mobility Client Release 4.0 for Mobile
BlackBerry Supported Devices
Full support for Cisco AnyConnect on BlackBerry is provided on devices running BlackBerry OS 10.3.2 and later. For the best AnyConnect experience, Cisco strongly recommends you upgrade your device to 10.3.2.
See BlackBerry User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures.
Install or Upgrade AnyConnect on BlackBerry Devices
Before You BeginProcedure
Verify you are using a device supported by AnyConnect, see BlackBerry Supported Devices for details.
AnyConnect is available in the BlackBerry World store at http://appworld.blackberry.com/webstore/content/59952066.New Features in AnyConnect 4.0.0.1833 for BlackBerry Mobile Devices
This release of Cisco AnyConnect Secure Mobility Client on BlackBerry devices addresses the most recent OpenSSL vulnerabilities.
Cisco recommends that you update to this release. Please review the information on the app page and the Guidelines and Limitations for AnyConnect on BlackBerry to be aware of current operational considerations.
See the BlackBerry AnyConnect Feature Matrix for a list of supported features in this app.
New Features in AnyConnect 4.0.0.1830 for BlackBerry Mobile Devices
This release of Cisco AnyConnect Secure Mobility Client on BlackBerry devices addresses the most recent OpenSSL vulnerabilities.
Cisco recommends that you update to this release. Please review the information on the app page and the Guidelines and Limitations for AnyConnect on BlackBerry to be aware of current operational considerations.
See the BlackBerry AnyConnect Feature Matrix for a list of supported features in this app.
New Features in AnyConnect 4.0.0.1827 for BlackBerry Mobile Devices
AnyConnect 4.0.0.1827 is a maintenance release of Cisco AnyConnect Secure Mobility Client on BlackBerry that resolves OpenSSL December 2015 vulnerabilities (CSCux97316).
Cisco recommends that you update to this release and review the Guidelines and Limitations for AnyConnect on BlackBerry to be aware of current operational considerations.
See the BlackBerry AnyConnect Feature Matrix for a list of supported features in this app.
New Features in AnyConnect 4.0.0.1826 for BlackBerry Mobile Devices
AnyConnect 4.0.0.1826 is a maintenance release of Cisco AnyConnect Secure Mobility Client on BlackBerry. See the BlackBerry AnyConnect Feature Matrix for a list of supported features in this app.
Cisco recommends that you review the Guidelines and Limitations for AnyConnect on BlackBerry to be aware of current operational considerations.
New Features in AnyConnect 4.0.0.1823 for BlackBerry Mobile Devices
AnyConnect 4.0.0.1823 is the initial release of Cisco AnyConnect Secure Mobility Client on BlackBerry. See the BlackBerry AnyConnect Feature Matrix for a list of supported features in this app.
Cisco recommends that you review the Guidelines and Limitations for AnyConnect on BlackBerry to be aware of current operational considerations.
BlackBerry AnyConnect Feature Matrix
Category: Feature BlackBerry Deployment and Configuration:
Install or upgrade from Application Store Yes Cisco VPN Profile support (manual import) No Cisco VPN Profile support (import on connect) Yes, new profile overwrites existing one. MDM configured connection entries Yes, using BDS, new profile overwrites existing one. User-configured connection entries Yes Tunneling:
TLS Yes Datagram TLS (DTLS) Yes IPsec IKEv2 NAT-T Yes, must be enabled and configured on the device by the user. Only EAP authentication is supported. IKEv2 - raw ESP No Suite B (IPsec only) Yes TLS compression Yes Dead peer detection Yes, disabled by default. If no response is received to three DPD packets in a row, the device will close the tunnel or the ASA will suspend the tunnel until DPD exchange is re-established. Tunnel keepalive Yes, disabled by default Multiple active network interfaces No Per App Tunneling (requires Plus or Apex license and ASA 9.4.2 or later) No Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store) Yes Split tunnel (split include) Yes Local LAN (split exclude) No Split-DNS Yes, Until BlackBerry supports more than 2 DNS servers, the Admin should configure only one private DNS server on the ASA end. Auto Reconnect / Network Roaming Yes, BBRY OS feature, when enabled the VPN connection will be automatically established. May require the user to re-enter credentials. VPN on-demand (triggered by destination) No VPN on-demand (triggered by application) No Rekey Yes, for TLS and DTLS inline (same socket) and new-tunnels (new socket). IPv4 public transport Yes IPv6 public transport No IPv4 over IPv4 tunnel Yes IPv6 over IPv4 tunnel No Default domain Yes DNS server configuration Yes, max of 2 Private-side proxy support Yes, for URL, HTTP and HTTPS. These take precedence of other proxy setting pushed to the device. FTP and Auto proxy not supported. Proxy Exceptions No Public-side proxy support No Pre-login banner Yes, if BlackBerry's Auto-Connect is enabled, a banner will be shown only once for the session. If BDS pushes credentials to the device, banners may not be shown. Post-login banner Yes DSCP Preservation No Connecting and Disconnecting:
VPN load balancing Yes Backup server list Yes Optimal Gateway Selection No Authentication:
SAML 2.0 No Client Certificate Authentication Yes Online Certificate Status Protocol (OCSP) No Manual user certificate management Yes, using BBRY device capabilities. Manual server certificate management Yes, using BBRY device capabilities. SCEP legacy enrollment Please confirm for your platform. Yes, if enabled, these obtained certificates will override BDS pushed certificates. BDS may disable this feature. SCEP proxy enrollment Please confirm for your platform. Yes Automatic certificate selection No Manual certificate selection Yes Smart card support No Username and password Yes, also pushed in BDS VPN Profile. Tokens/challenge Yes Double authentication Yes Group URL (specified in server address) Yes Group selection (drop-down selection) Yes Credential prefill from user certificate Yes, AnyConnect or BDS Save password Yes, by BDS, AnyConnect does not save passwords. User interface:
Standalone GUI No Native OS GUI Yes API / URI Handler (see below) No UI customization Yes UI localization No User preferences No Home screen widgets for one-click VPN access No AnyConnect specific status icon No Mobile Posture: (AnyConnect Identity Extensions, ACIDex)
Serial number or unique ID check No OS and AnyConnect version shared with headend Yes URI Handling:
Add connection entry No Connect to a VPN No Credential pre-fill on connect No Disconnect VPN No Import certificate No Import localization data No Import XML client profile No External (user) control of URI commands No Reporting and Troubleshooting:
Statistics Yes Logging / Diagnostic Information (DART) Yes Certifications:
FIPS 140-2 Level 1 No Adaptive Security Appliance Requirements
A minimum release of the ASA is required for the following features:
Note
Refer to the feature matrix for your platform to verify the availability of these features in the current AnyConnect mobile release.
Guidelines and Limitations for AnyConnect on BlackBerry
Enabling Split DNS can break VPN connections. Blackberry supports a maximum of two DNS servers. Our ASA configured DNS server takes precedence because it is prepended in the DNS server list, so our ASA configured DNS server is applied to the tun adapter. If the ASA configures two private DNS servers without DNS forwarding in the ASA side, then DNS resolution of public network will fail.
Work around: Until BlackBerry supports more than 2 DNS servers, the Admin should configure only one private DNS server on the ASA end.
AnyConnect VPN profiles which are pushed to devices from an ASA headend, block all untrusted servers by default. This may be preventing a successful VPN connection. Disable this setting to provide the user with the option to accept or deny connections to untrusted servers
IPsec IKEv2 VPN connections must be enabled and configured manually on the device by the user. Only EAP authentication is supported when connecting to the ASA headend.
Resolved Issues in AnyConnect for BlackBerry
Copyright © 2015-2017, Cisco Systems, Inc. All rights reserved.