Table Of Contents
Supported VPN Platforms, Cisco ASA 5500 Series
ASA, ASDM, Cisco Secure Desktop, and AnyConnect Compatibility
Clientless SSL VPN Support for Computer OSs, ASA Release 8.4
Clientless SSL VPN Support for Mobile Devices, ASA Release 8.4
Clientless SSL VPN Support for Computer OSs, ASA Release 8.3
Clientless SSL VPN Support for Mobile Devices, ASA Releases 8.0 - 8.3
Clientless SSL VPN Support for Computer OSs, ASA Releases 8.0 - 8.2
AnyConnect Apps for Smart Phones
AnyConnect 3.0 Computer OSs Supported
AnyConnect 3.0 Windows Mobile Devices Not Supported
AnyConnect 2.5 Computer OSs Supported
AnyConnect 2.5 Windows Mobile Devices Supported
AnyConnect 2.4 Computer OSs Supported
AnyConnect 2.4 Windows Mobile Devices Supported
AnyConnect 2.3 Computer OSs Supported
AnyConnect 2.3 Windows Mobile Devices Supported
AnyConnect 2.0 - 2.2 Computer OSs Supported
Cisco Secure Desktop 3.5 Support for AnyConnect and Clientless SSL VPN
Cisco Secure Desktop 3.1 - 3.4 Support for AnyConnect and Clientless SSL VPN
Host Scan Support for Antivirus, Antispyware, and Firewall Applications
Android and L2TP/IPsec Clients
Apple IPsec and L2TP/IPsec Clients
Supported VPN Platforms, Cisco ASA 5500 Series
Revised: December 19, 2011
This document, previously titled Adaptive Security Appliance VPN Compatibility Reference, includes the following compatibility and VPN platform information:
To View | Go to
Compatibility of the ASA 5500 series software releases with the Adaptive Security Device Manager, Cisco Secure Desktop, and Cisco AnyConnect VPN client releases. | ASA, ASDM, Cisco Secure Desktop, and AnyConnect Compatibility
Web browsers supported by clientless (browser-based) SSL VPN access to ASAs Releases 8.0(2) and later.
Endpoint OSs supported by Cisco AnyConnect VPN Client Releases 2.0 and later.
Endpoint OSs and browsers supported by Cisco Secure Desktop Releases 3.1 and later.
IPsec clients supported for VPN access to the ASA.
Note
If this document claims support for an OS without identifying associated service packs, we support all maintenance releases or service packs for that OS. For example, if we list Windows 7 x64 (64-bit) as supported, we support all Windows 7 x64 service packs.
For more information, go to the release notes and configuration guides for the products named in this document.
ASA, ASDM, Cisco Secure Desktop, and AnyConnect Compatibility
The following table shows the compatibility of the adaptive security appliance with Adaptive Security Device Manager, Cisco Secure Desktop, and the AnyConnect VPN client:
ASA | ASDM [1] | Cisco Secure Desktop | AnyConnect VPN Client
8.4(1) [2] and later | 6.4(1) and later | 3.3.0.118 and later | Cisco AnyConnect Secure Mobility Client 2.5.0217 and later for computers only; Cisco AnyConnect Client 2.4 and later for mobile devices
 | 6.1(3) and later | 3.3.0.118 and later | Cisco AnyConnect Client 2.2.0133 and later
8.0(3) | 6.1(3) and later | 3.2.1.103 or 3.3.0.118 and later | Cisco AnyConnect Client 2.1.0128 to 2.1.0148
8.0(2) | 6.1(3) and later | 3.2.0.136 (subsequently referenced as "3.2") | Cisco AnyConnect Client 2.0.0343 (subsequently referenced as "2.0")
7.1(x)-7.2(x) | 5.1(x) - 5.2(x) | 3.1.1.45 (subsequently referenced as "3.1.1") [5] | Cisco SSL VPN Client 1.x
[1] Use the latest ASDM release for full compatibility.
[2] AnyConnect 3.0 IKEv2 access requires ASA 8.4(1) or later.
[3] ASA 8.x and later do not support Cisco SSL VPN Client 1.x.
[4] Some AnyConnect 2.5 features require ASA 8.3(1) or later.
[5] Cisco Secure Desktop does not support Cisco SSL VPN Client 1.x.
Clientless SSL VPN
The following sections list the VPN platforms that clientless SSL VPN access supports:
• Clientless SSL VPN Support for Computer OSs, ASA Release 8.4
• Clientless SSL VPN Support for Mobile Devices, ASA Release 8.4
• Clientless SSL VPN Support for Computer OSs, ASA Release 8.3
• Clientless SSL VPN Support for Mobile Devices, ASA Releases 8.0 - 8.3
• Clientless SSL VPN Support for Computer OSs, ASA Releases 8.0 - 8.2
Clientless SSL VPN Support for Computer OSs, ASA Release 8.4
ASA Release 8.4 supports SSL VPN sessions originating from the following OSs and browsers.
Clientless SSL VPN Core Rewriter
The ASA 8.4 clientless SSL VPN core rewriter supports the following applications:
• Microsoft SharePoint 2003 and 2007
• Microsoft Outlook Web App 2010 (formerly called Outlook Web Access) for access to Exchange Server 2010
• Microsoft Outlook Web Access 2003 and 2007
• Citrix XenApp Version 4 and Version 5
• Domino Web Access (DWA) 8.5 (We do not support DWA 8.5.1 and later.)
• VMware View 4
Smart Tunnel
Smart tunnel supports all applications not supported by the core rewriter. Smart tunnel access supports all Windows x86 and x64 OSs supported for clientless VPN access, Mac OS X 10.5 running on an Intel processor only, and Mac OS X 10.6. Smart tunnel does not support Linux. Additional requirements and limitations apply. We specifically tested the following smart tunnel applications in 8.4.1:
• Microsoft SharePoint 2010
• Microsoft Outlook 2010
Smart Tunnel and Secure Desktop (Vault) Interoperability
Cisco supports smart tunneling inside a Secure Desktop (Vault) environment on all operating systems that support Vault. We also support smart tunneling of desktop applications and browser-based applications.
ASA 8.3 or later is required to perform smart tunneling from an endpoint using IE8 or a 64-bit Windows operating system.
To implement smart tunneling with IE8, from within a Secure Desktop (Vault), the endpoint must be connected to a secure gateway running ASA 8.3 or later; in addition, the endpoint must have Cisco Secure Desktop 3.5 or later installed.
Smart tunneling is not intended to restrict network access to only internal resources.
Other Application Notes
The following application notes apply to clientless SSL VPN on ASA Release 8.4:
• Port forwarding does not support Windows 7 and all Windows x64 OSs. Additional requirements and limitations apply.
• An ActiveX version of the RDP plug-in is not available for x64 and 64-bit browsers.
• The Windows Shares (CIFS) Web Folders feature does not support Windows 7, Vista, Internet Explorer 8, Mac OS X, and Linux. Windows XP SP2 or later requires Microsoft KB892211 hotfix to support Web Folders.
Clientless SSL VPN Support for Mobile Devices, ASA Release 8.4
Cisco has certified the following mobile devices for SSL VPN clientless access to ASAs running release 8.4:
Device | OS | Browser
iPhone | Software Update 1.1.3 and later | Safari
iPad | Apple iOS 4.2 or later | Safari
iPad 2 | Apple iOS 4.3 or later | Safari
Neither the ASA administrator nor the Clientless SSL VPN user need do anything special to use Clientless SSL VPN with a certified mobile device.
Note
Clientless SSL VPN provides only basic rewriting for mobile access. We do not provide clientless VPN support for Java, auto applet download, smart tunnels, plug-ins, port forwarding, and e-mail proxy for mobile devices.
Clientless SSL VPN Support for Computer OSs, ASA Release 8.3
ASA Release 8.3 supports clientless SSL VPN sessions originating from the following OSs and browsers.
Clientless SSL VPN Core Rewriter
The ASA 8.3 clientless SSL VPN core rewriter supports the following applications:
• Microsoft SharePoint 2003 and 2007
• Microsoft Outlook Web Access 2003 and 2007
• Citrix XenApp Version 4 and Version 5
• Domino Web Access (DWA) 8.5 (We do not support DWA 8.5.1 and later.)
• VMware View 4
Smart Tunnel
Smart tunnel supports all applications not supported by the core rewriter. Smart tunnel access supports all Windows x86 and x64 OSs supported for clientless SSL VPN access, Mac OS X 10.5 running on an Intel processor only, and Mac OS X 10.6. Smart tunnel does not support Linux. Additional requirements and limitations apply.
Smart Tunnel and Secure Desktop (Vault) Interoperability
Cisco supports smart tunneling inside a Secure Desktop (Vault) environment on all operating systems that support Vault. We also support smart tunneling of desktop applications and browser-based applications.
ASA 8.3 or later is required to perform smart tunneling from an endpoint using IE8 or a 64-bit Windows operating system.
To implement smart tunneling with IE8, from within a Secure Desktop (Vault), the endpoint must be connected to a secure gateway running ASA 8.3 or later; in addition, the endpoint must have Cisco Secure Desktop 3.5 or later installed.
Smart tunneling is not intended to restrict network access to only internal resources.
Other Application Notes
The following application notes apply to clientless SSL VPN on Release 8.3:
• ASA Release 8.3 supports clientless access for 64-bit applications on Mac OS X 10.5.
• Port forwarding does not support Windows 7 and all Windows x64 OSs. Additional requirements and limitations apply.
• An ActiveX version of the RDP plug-in is not available for x64 and 64-bit browsers.
• The Windows Shares (CIFS) Web Folders feature does not support Windows 7, Vista, Internet Explorer 8, Mac OS X, and Linux. Windows XP SP2 or later requires Microsoft KB892211 hotfix to support Web Folders.
• For Microsoft Outlook Exchange communication using the MAPI protocol, remote users must use AnyConnect.
Clientless SSL VPN Support for Mobile Devices, ASA Releases 8.0 - 8.3
Cisco has certified the following mobile devices for SSL VPN clientless access to ASAs running releases 8.0—8.3:
Neither the ASA administrator nor the Clientless SSL VPN user need do anything special to use Clientless SSL VPN with a certified mobile device.
Note
Clientless SSL VPN provides basic rewriting for mobile access. We do not provide clientless VPN support for Java, auto applet download, smart tunnels, plug-ins, port forwarding, and e-mail proxy for mobile devices.
Clientless SSL VPN Support for Computer OSs, ASA Releases 8.0 - 8.2
ASA Releases 8.0-8.2 support clientless SSL VPN sessions originating from the following OSs and browsers.
The following application notes apply to clientless SSL VPN on ASA Releases 8.0-8.2:
• ASA Release 8.2(4) supports Outlook Web App (formerly called Outlook Web Access) for access to Exchange Server 2010. Earlier ASA releases require AnyConnect to access Microsoft Outlook Exchange.
• Although ASA Releases 8.0 - 8.2 do not support Windows 7 with clientless SSL features, ASA Release 8.2 supports the installation of Host Scan and AnyConnect using WebLaunch over a clientless SSL connection established with Internet Explorer 8.0 on the Windows 7 Professional and Ultimate editions.
• The Windows Shares (CIFS) Web Folders feature does not support Windows Vista, Mac OS X, and Linux. Windows XP SP2 or later and Windows 2000 SP4 require Microsoft KB892211 hotfix to support Web Folders.
• Additional requirements and limitations apply to smart tunnel and port forwarding.
AnyConnect
The following sections list the VPN platforms that AnyConnect supports:
• AnyConnect Apps for Smart Phones
• AnyConnect 3.0 Computer OSs Supported
• AnyConnect 3.0 Windows Mobile Devices Not Supported
• AnyConnect 2.5 Computer OSs Supported
• AnyConnect 2.5 Windows Mobile Devices Supported
• AnyConnect 2.4 Computer OSs Supported
• AnyConnect 2.4 Windows Mobile Devices Supported
• AnyConnect 2.3 Computer OSs Supported
• AnyConnect 2.3 Windows Mobile Devices Supported
• AnyConnect 2.0 - 2.2 Computer OSs Supported
AnyConnect Apps for Smart Phones
AnyConnect is available on app distribution sites such as iTunes and the Android Market. Each app is qualified for use only for certain smart phone models, or is in some cases provided as a native app shipped by the manufacturer. Each AnyConnect app runs exclusively on a limited set of devices. The versions of AnyConnect running on the smart phones do not have to match the computer versions pushed by and supported by the ASA. The ASA must be running 8.0(4) or later.
The release notes for each smartphone release list the devices each AnyConnect app supports.
AnyConnect 3.0 Computer OSs Supported
AnyConnect VPN Client 3.0 supports the following computer OSs.
Windows
The following requirements and notes apply to all supported Microsoft Windows OSs:
Requirements
• Pentium class processor or greater.
• 100 MB hard disk space.
• Microsoft Installer, version 3.1.
Caution: The minimum flash memory required is 128MB for an ASA 5505; however, we strongly recommend 256 or preferably 512 MB. To support multiple endpoint operating systems and enable logging and debugging on the ASA, you will most likely need 512 MB of flash memory.
If the ASA has only the default internal flash memory size or the default DRAM size (for cache memory) you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package files, the ASA could run out of cache memory when it unzips and loads the client images. For internal memory requirements for each ASA model, see Memory Requirements for the Cisco ASA Adaptive Security Appliances Software Version 8.3 and Later. For additional information about the ASA memory requirements and upgrading ASA memory, see the latest release notes for the Cisco ASA 5500 series.
The following sections identify the Windows OSs that AnyConnect 3.0 supports:
Windows 7 x86 (32-bit) and x64 (64-bit)
AnyConnect requires a clean install if you upgrade from Windows XP to Windows 7.
If you upgrade from Windows Vista to Windows 7, manually uninstall AnyConnect first, then after the upgrade, reinstall it manually or by establishing a web-based connection to a security appliance configured to install it. Uninstalling before the upgrade and reinstalling AnyConnect afterwards is necessary because the upgrade does not preserve the Cisco AnyConnect Virtual Adapter.
AnyConnect VPN is compatible with 3G data cards which interface with Windows 7 via a WWAN adapter.
WebLaunch of AnyConnect 3.0 supports the following browsers running on either x86 or x64 versions of Windows 7:
Microsoft Internet Explorer 8.x-9.x (32-bit version required for x64 OS)
Firefox 3.x-4.x
Google Chrome 6.0 and 7.0
Windows Vista SP2 x86 (32-bit) and x64 (64-bit)
AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
WebLaunch of AnyConnect 3.0 supports the following browsers running on either x86 or x64 versions of Windows Vista:
• Microsoft Internet Explorer 7.x-9.x (32-bit version required for x64 OS)
• Firefox 3.x-4.x
• Google Chrome 6.0 and 7.0
Windows XP SP3 x86 (32-bit) and x64 (64-bit)
WebLaunch of AnyConnect 3.0 supports the following browsers running on either x86 or x64 versions of Windows XP:
– Microsoft Internet Explorer 6.x-8.x, 32-bit only
– Firefox 3.x-4.x
– Google Chrome 6.0 and 7.0
Note
The Network Access Manager portion of AnyConnect does not support Windows XP SP3 x64 (64-bit).
Apple Mac OS X
AnyConnect 3.0 supports the following versions of Mac OS X:
• Mac OS X 10.5 (Intel CPU only)
• Mac OS X 10.6.x (32-bit and 64-bit).
AnyConnect requires 50 MB of hard disk space.
If you upgrade from one major Mac OS release to another (for example, 10.5 to 10.6), manually uninstall AnyConnect first, then after the upgrade, reinstall it manually or by establishing a web-based connection to a security appliance configured to install it.
WebLaunch of AnyConnect 3.0 supports the following browsers running on either 32-bit or 64-bit versions of Mac OS X 10.5-10.6:
• Safari 3.x and 4.x
• Firefox 3.x-4.x
• Google Chrome 6.0 and 7.0
Linux
AnyConnect supports only standalone installations on Linux.
AnyConnect supports the following distributions:
• Red Hat Enterprise Linux 5 Desktop
• Ubuntu 9.x and 10.x
We do not validate other Linux distributions. We will consider requests to validate other Linux distributions for which you experience issues, and provide fixes at our discretion.
See the AnyConnect Linux Requirements.
WebLaunch of AnyConnect 3.0 supports Firefox 3.x running on Linux.
AnyConnect 3.0 Windows Mobile Devices Not Supported
AnyConnect 3.0 does not support Microsoft Windows Mobile or Windows Phone. However, you can continue to use the ASA to deploy the AnyConnect 2.5 or earlier client for Windows Mobile even after loading the AnyConnect 3.0 package files to the ASA for web deployment.
See the AnyConnect Secure Mobility Client Administrator Guides from AnyConnect 2.5, and earlier, for information about configuring the ASA to deploy AnyConnect for Windows Mobile devices.
AnyConnect 2.5 Computer OSs Supported
AnyConnect VPN Client 2.5 supports the following computer OSs:
OSs and notes:
Microsoft Windows
AnyConnect 2.5 supports the following Windows OSs:
• Windows 7 on x86 (32-bit) and x64 (64-bit)
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows 7.
  If you upgrade from Windows Vista to Windows 7, manually uninstall AnyConnect first, then after the upgrade, reinstall it manually or by establishing a web-based connection to a security appliance configured to install it. Uninstalling AnyConnect before the upgrade and reinstalling it afterwards is necessary because the upgrade does not preserve the Cisco AnyConnect Virtual Adapter.
• Windows Vista on x86 (32-bit) and x64 (64-bit)—SP2 or Vista SP1 with KB952876.
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
• Windows XP SP2 and SP3.
Requirements
• Pentium class processor or greater.
• x64 (64-bit) or x86 (32-bit) processors.
• 5 MB hard disk space.
• RAM:
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
  – 512 MB for Windows 7.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, SP2 or later. For WebLaunch, use 32-bit Internet Explorer 6.0 or later, or Firefox 2.0 or later, and enable ActiveX or enable Sun JRE 5 Update 1.5 or later (JRE 6 recommended).
AnyConnect is compatible with 3G data cards which interface with Windows 7 via a WWAN adapter.
Apple
AnyConnect 2.4 supports the following versions of Mac OS X:
• Mac OS X 10.5
• Mac OS X 10.6.x (32-bit and 64-bit).
50 MB hard disk space required.
Linux
AnyConnect supports the following distributions:
• Red Hat Enterprise Linux 5 Desktop
• Ubuntu 9.x and 10.x
We do not validate other Linux distributions. We will consider requests to validate other Linux distributions for which you experience issues, and provide fixes at our discretion.
AnyConnect supports only standalone installations on Linux.
See the AnyConnect Linux Requirements for AnyConnect 2.5.
For endpoint OS support and license requirements for each feature, see AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 2.5.
To install AnyConnect through a web browser (WebLaunch), the user platform must match one of those in the "Clientless SSL VPN" section, with one exception: WebLaunch requires the 32-bit version of Internet Explorer. Please instruct users of x64 (64-bit) Windows versions supported by AnyConnect to use the 32-bit version of Internet Explorer or Firefox to install WebLaunch. (At this time, Firefox is available only in a 32-bit version.)
Cisco AnyConnect Client, when launched as a standalone client, supports any browser.
AnyConnect 2.5 Windows Mobile Devices Supported
We designed AnyConnect 2.5 for compatibility with Windows Mobile 6.5, 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test, as follows:
• HTC Imagio running Windows Mobile 6.5
• HTC Tilt 2 running Windows Mobile 6.5
• HTC Touch running Windows Mobile 6.0
• HTC TyTN running Windows Mobile 5.0
• Samsung Epix running Windows Mobile 6.1
• Samsung Omnia Pro 4 running Windows Mobile 6.5
• Samsung Omnia running Windows Mobile 6.1
• Samsung Saga running Windows Mobile 6.1
AnyConnect 2.4 Computer OSs Supported
AnyConnect VPN Client 2.4 supports the following computer OSs.
OSs and notes:
Microsoft Windows
AnyConnect 2.4 supports the following Windows OSs:
• Windows 7 on x86 (32-bit) and x64 (64-bit)
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows 7.
  If you upgrade from Windows Vista to Windows 7, manually uninstall AnyConnect first, then after the upgrade, reinstall it manually or by establishing a web-based connection to a security appliance configured to install it. Uninstalling AnyConnect before the upgrade and reinstalling it afterwards is necessary because the upgrade does not preserve the Cisco AnyConnect Virtual Adapter.
• Windows Vista on x86 (32-bit) and x64 (64-bit)—SP2 or Vista SP1 with KB952876.
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
• Windows XP SP2 and SP3.
Requirements
• Pentium class processor or greater.
• x64 (64-bit) or x86 (32-bit) processors.
• 5 MB hard disk space.
• RAM:
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
  – 512 MB for Windows 7.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, SP2 or later. For WebLaunch, use 32-bit Internet Explorer 6.0 or later, or Firefox 2.0 or later, and enable ActiveX or enable Sun JRE 5 Update 1.5 or later (JRE 6 recommended).
Apple
AnyConnect 2.4 supports the following versions of Mac OS X:
• Mac OS X 10.5
• Mac OS X 10.6.x (32-bit and 64-bit).
50 MB hard disk space required.
Linux
AnyConnect supports the following distributions:
• Red Hat Enterprise Linux 5 Desktop
• Ubuntu 9.x
We do not validate other Linux distributions. We will consider requests to validate other Linux distributions for which you experience issues, and provide fixes at our discretion.
AnyConnect supports only standalone installations on Linux.
See the AnyConnect Linux Requirements for AnyConnect 2.4.
To install AnyConnect through a web browser (WebLaunch), the user platform must match one of those in the "Clientless SSL VPN" section, with one exception: WebLaunch requires the 32-bit version of Internet Explorer. Please instruct users of x64 (64-bit) Windows versions supported by AnyConnect to use the 32-bit version of Internet Explorer or Firefox to install WebLaunch. (At this time, Firefox is available only in a 32-bit version.)
Cisco AnyConnect Client, when launched as a standalone client, supports any browser.
AnyConnect 2.4 Windows Mobile Devices Supported
We designed AnyConnect 2.4 for compatibility with Windows Mobile 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test. The following table lists the supported devices with their corresponding service providers and supported operating system versions. AnyConnect 2.4 adds support for the HTC and Samsung devices.
AnyConnect 2.3 Computer OSs Supported
AnyConnect VPN Client 2.3 supports the following computer OSs.
OSs and notes:
Microsoft Windows:
• x86 (32-bit) and x64 (64-bit) Microsoft Windows Vista SP2, or Vista SP1 with KB952876.
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
• Windows XP SP2 and later.
• Windows 2000 SP4.
Requirements
• Pentium class processor or greater.
• x64 or x86 processors on Windows XP and Windows Vista.
• 5 MB hard disk space.
• RAM:
  – 128 MB for Windows 2000.
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, SP2 or later. For WebLaunch, use Internet Explorer 6.0 or later, or Firefox 2.0 or later, and enable ActiveX or install Sun JRE 5 Update 1.5 or later (JRE 6 recommended).
Apple: Mac OS X 10.4 and 10.5
50 MB hard disk space required
Linux
AnyConnect supports Linux Kernel releases 2.4 and 2.6 on 32-bit architectures, and 64-bit architectures that support biarch (that is, that run 32-bit code).
AnyConnect supports only standalone installations on Linux.
The following Linux distributions follow the AnyConnect Linux Requirements and work with the AnyConnect Client:
• Ubuntu 7 and 8 (32-bit only).
• Red Hat Enterprise Linux 3 or 4. (As of publication, we have not tested AnyConnect with Red Hat Linux 5.)
• Fedora Core 4 through 9. To use Fedora 9 with the AnyConnect client, you must first install Sun Microsystems JRE, preferably JRE 6, Update 5 or higher.
• Slackware 11 or 12.1.
• openSUSE 10
• SUSE 10.1
Cisco AnyConnect Client, when launched as a standalone client, supports any browser; however to install AnyConnect through a web browser (WebLaunch), the user platform must match one of those in the "Clientless SSL VPN" section.
AnyConnect 2.3 Windows Mobile Devices Supported
We designed AnyConnect 2.3 for compatibility with Windows Mobile 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test. The following table lists the supported devices with their corresponding service providers and supported operating system versions.
AnyConnect 2.0 - 2.2 Computer OSs Supported
AnyConnect VPN Client 2.0 - 2.2 supports the following computer OSs.
OSs and notes:
Microsoft Windows [1]:
• x86 (32-bit) Microsoft Windows Vista and SP1 with KB952876
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
• x64 (64-bit) Microsoft Windows Vista and SP1 with KB952876
• x86 (32-bit) Microsoft Windows XP SP2 and SP3
• x64 (64-bit) Microsoft Windows XP SP2 [2]
• x86 (32-bit) Microsoft Windows 2000 SP4 with MSI 3.1 or later and MSXML 3.0 or later
Requirements
• Pentium class processor or greater.
• x64 or x86 processors on Windows XP and Windows Vista.
• 5 MB hard disk space.
• RAM:
  – 128 MB for Windows 2000.
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, SP2 or later. For WebLaunch, use Internet Explorer 6.0 or later, or Firefox 2.0 or later, and enable ActiveX or install Sun JRE 5 Update 1.5 or later (JRE 6 recommended).
50 MB hard disk space required
Linux [2]
AnyConnect supports Linux Kernel releases 2.4 and 2.6 on 32-bit architectures, and 64-bit architectures that support biarch (that is, that run 32-bit code). The following Linux distributions follow the AnyConnect Linux Requirements and work with the AnyConnect Client:
• Ubuntu 7 and 8 (32-bit only)
• Red Hat Enterprise Linux 3 and 4
• Fedora Core 4 through 9. To use Fedora 9 with the AnyConnect client, you must first install Sun Microsystems JRE, preferably JRE 6, Update 5 or higher.
• Slackware 11 and 12.1
• openSUSE 10
• SUSE 10.1
[1] Start Before Logon supported beginning with AnyConnect 2.2 and Cisco Secure Desktop 3.2.1.
[2] Start Before Logon not supported on x64 Windows XP SP2, Mac OS X, and Linux.
[3] Safari keychain required on Mac OS X for certificate authentication, including DoD Common Access Card and SmartCard support.
[4] WebLaunch support of Mac OS X 10.5 beginning with AnyConnect 2.1.
Cisco AnyConnect Client, when launched as a standalone client, supports any browser; however to install AnyConnect through a web browser (WebLaunch), the user platform must match one of those in the "Clientless SSL VPN" section.
Cisco Secure Desktop
The following sections list the platforms and link to the lists of applications that Cisco Secure Desktop supports.
Cisco Secure Desktop 3.5 Support for AnyConnect and Clientless SSL VPN
Cisco Secure Desktop 3.5 supports only AnyConnect and clientless SSL VPN connections. The following table shows the Cisco Secure Desktop modules and the OSs they support.
Module and supported OSs:
Host Scan
x86 (32-bit) and x64 (64-bit): Windows 7, Vista, Vista SP1, and Vista SP2
x64 (64-bit) Windows XP SP2, and x86 (32-bit) Windows XP SP2 and SP3
Windows Mobile versions 6.0, 6.1, 6.1.4, and 6.5 for touch screen devices only (Windows Mobile Professional).
32-bit and 64-bit Mac OS X 10.6.x
32-bit and 64-bit Mac OS X 10.5.x
32-bit and 64-bit biarch Redhat Enterprise Linux 3
32-bit and 64-bit biarch Redhat Enterprise Linux 4
32-bit and 64-bit biarch Fedora Core 4 and later
Ubuntu
32-bit and 64-bit biarch Linux operating systems (that is, 64-bit operating systems that can run 32-bit code) require the 32-bit versions of these libraries to run Host Scan: libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz.
Secure Desktop (Vault), Keystroke Logger Detection, and Host Emulation Detection
x86 (32-bit) Windows Vista, SP1, and SP2 (KB935855 must be installed).
x86 (32-bit) Windows XP SP2 and SP3
Notes:
• AnyConnect supports the Vault only on Windows XP.
• Secure Desktop, Keystroke Logger Detection and Host Emulation Detection do not support Windows 7.
Cache Cleaner
32-bit browsers only on the following OSs:
• x86 (32-bit) and x64 (64-bit): Windows 7, Vista, Vista SP1, and Vista SP2
• x64 (64-bit) Windows XP SP2, and x86 (32-bit) Windows XP SP2 and SP3
• 32-bit and 64-bit Mac OS X 10.6.x and 10.5.x
• 32-bit and 64-bit Redhat Enterprise Linux 4 and 3
• 32-bit and 64-bit Fedora Core 4 and later
• Ubuntu
32-bit and 64-bit biarch Linux operating systems (that is, 64-bit operating systems that can run 32-bit code) require the 32-bit versions of these libraries to run Cache Cleaner: libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz.
Note: Cache Cleaner does not support the standalone startup of AnyConnect Client from any computer.
To enable Host Scan with WebStart, the remote user must do the following:
Step 1: Connect to the ASA. The Opening webstart.xml window opens.
Step 2: Click Open With and Choose.
Step 3: Select Applications/Utilities/Java/J2SE 5.0/Java Cache Viewer.
Step 4: Click OK.
Do not associate jnlp files with javaws or Applications/Utilities/Java/Java Web Start.
Cisco Secure Desktop 3.1 - 3.4 Support for AnyConnect and Clientless SSL VPN
Cisco Secure Desktop supports only AnyConnect and clientless SSL VPN connections. The following tables show the Cisco Secure Desktop modules and the OSs they support.
Module and supported OSs:
Host Scan
x64 (64-bit) [1] Microsoft Windows Vista SP2, or Vista SP1 with KB952876 (Cisco Secure Desktop 3.4.1 or later)
x86 (32-bit) Microsoft Windows Vista SP2 (Cisco Secure Desktop 3.4.1 or later)
x86 (32-bit) Microsoft Windows Vista and Vista SP1 with KB952876 (Cisco Secure Desktop 3.2.1.118 or later)
x86 (32-bit) Windows XP SP2 or SP3
x64 (64-bit) Windows XP SP2
x86 (32-bit) Windows 2000 SP4
64-bit Mac OS X 10.4 and 10.5 (Cisco Secure Desktop 3.4.1 or later)
32-bit Mac OS X 10.4 and 10.5 (Cisco Secure Desktop 3.2.1 or later; 3.2.18 or later recommended)
32- and 64-bit biarch (that is, 64-bit that can run 32-bit code) Linux with the following requirements: libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz (Cisco Secure Desktop 3.2.1 or later; 3.2.1.118 or later recommended)
Secure Desktop (Vault), Keystroke Logger Detection, and Host Emulation Detection
x86 (32-bit) Windows Vista with KB935855 (or later) must be installed. The AnyConnect standalone client does not support the Vault on Windows Vista; however you can use WebLaunch with Windows Vista. Also, Secure Desktop does not let Internet Explorer run outside the Vault on a host computer running Windows Vista.
x86 (32-bit) Windows XP SP2 and SP3.
x86 (32-bit) Windows 2000 SP4.
Note: AnyConnect does not support the Vault.
Cache Cleaner
x86 (32-bit) and x64 (64-bit) Windows Vista and later.
x86 (32-bit) Windows XP SP2 and SP3.
x86 (32-bit) and x64 (64-bit) Windows XP SP2.
x86 (32-bit) Windows 2000 SP4.
32- and 64-bit Mac OS X 10.4 - 10.5 with Safari 1.0 or later, or Firefox 2.0 or later.
32- or 64-bit biarch Linux with libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz. WebLaunch requires Sun Java 1.5 or later and Firefox 2.0 or later.
Note: Cache Cleaner does not support the standalone startup of AnyConnect Client from any computer.
[1] Host Scan, Cache Cleaner, and AnyConnect via WebLaunch do not support 64-bit versions of Internet Explorer. Please instruct users of x64 (64-bit) Windows OSs to use the 32-bit version of Internet Explorer or Firefox to avoid VPN connection issues if you configure the ASA to install Host Scan or Cache Cleaner on the VPN endpoint, or if users install AnyConnect via WebLaunch. (At this time, Firefox is available only in a 32-bit version.)
To enable Host Scan with WebStart, the remote user must do the following:
Step 1 Connect to the ASA. The Opening webstart.xml window opens.
Step 2 Click Open With and Choose.
Step 3 Select Applications/Utilities/Java/J2SE 5.0/Java Cache Viewer.
Step 4 Click OK.
Do not associate jnlp files with javaws or Applications/Utilities/Java/Java Web Start.
Host Scan Support for Antivirus, Antispyware, and Firewall Applications
Host Scan examines the remote computer connecting to the VPN for antivirus and antispyware applications, and software firewalls for compliance with configured, corporate security policies. To access the list of packages that Host Scan supports, go to the webpage that applies:
• For Host Scan in Cisco Secure Desktop 3.5 or 3.4.2, go to the Cisco Secure Desktop Compatibility Information.
• For Host Scan in Cisco Secure Desktop 3.4 or 3.4.1, go to the Cisco Secure Desktop Configuration Guides.
• For Host Scan in Cisco Secure Desktop 3.3, go to "Antivirus, Antispyware, and Firewall Packages Supported by Host Scan," then click Next and Accept in the subsequent pages.
IPsec
The following sections identify the IPsec clients that connect to the ASA.
• Apple IPsec and L2TP/IPsec Clients
Cisco IPsec Clients
All releases of the Cisco ASA 5500 series support the following Cisco IPsec VPN Client releases:
• Cisco VPN Client Release 5.0.0.7 supports Microsoft Windows 7 x86 (32-bit) and x64 (64-bit), Windows Vista x86 and x64, and Windows XP x86
• Cisco VPN Client Release 5.0.0.6 supports Microsoft Windows 7 x86, Vista x86, and XP x86
• Cisco VPN Client Release 4.9.01.280 supports Mac OS X 10.5 & 10.6
• Cisco VPN Client Release 4.9.01 supports Mac OS X 10.4 & 10.5
• Cisco VPN Client Release 4.8.02 supports Linux (Red Hat)
• Cisco VPN Client Release 4.6.02 supports Solaris UltraSparc (32 and 64-bit)
Refer to the Cisco VPN Client Release Notes for more details on capabilities and limitations.
All releases of the Cisco ASA 5500 series support the following Cisco IPsec hardware clients:
• Cisco ASA 5505 Easy VPN Client
• Cisco PIX 501 Firewall Easy VPN Client
• Cisco VPN 3002 hardware client
• Cisco IOS 8xx Series
Android and L2TP/IPsec Clients
All releases of the Cisco ASA 5500 series support the native L2TP/IPsec VPN client on Android mobile devices.
Requirements:
• Mobile devices must be using Android 2.1 or later.
• The ASA must be running ASA 8.4(1) or later.
Apple IPsec and L2TP/IPsec Clients
All releases of the Cisco ASA 5500 series support both the native IPsec and L2TP/IPsec clients on Mac OS X 10.5 and 10.6.
All releases of the Cisco ASA 5500 series support both IPsec and L2TP/IPsec connectivity with the following Apple mobile devices:
• iPhone with iOS 3.1.x and later
• iPad with iOS 3.2.x and later
• iPod Touch with iOS 3.1.x and later
We highly recommend ASA 8.0(x) software release or later, but you can also use 7.2(x).
For feature details and IPsec set-up recommendations for secure gateway support of Apple devices, please see the "Cisco VPN Server Configuration" section in the Apple iPhone OS Enterprise Deployment Guide.
Microsoft L2TP/IPsec Clients
All releases of the Cisco ASA 5500 series support the native L2TP/IPsec client on Microsoft Windows 7, Vista, and XP.
Cisco has successfully tested the native L2TP/IPsec client on the following mobile OSs with the Cisco ASA 5500 series:
• Microsoft Windows Mobile 2003 for Pocket PC PDA
• Microsoft Windows Mobile 5.0 PDA and PDA Phone
Windows Mobile supports MS-CHAP v1 and v2, and pre-shared keys. Thus, it requires authentication with RADIUS and TACACS using a Microsoft Windows server OS that supports NTLM Version 1. Such OSs are collectively referred to as NT servers. They support no more than 14-character user passwords.
Some Windows Mobile 2003 (HP iPAQ h4150) and 5.0 (HP iPAQ hx 2495b) PDAs support enrollment with an available certificate authority server and can use certificate-based authentication.
Other IPsec Clients
The following third-party vendors offer VPN clients for Windows Mobile that work with the Cisco ASA 5500 series: Antha, Apani, Bluefire, Microsoft, and NCP.DE. Cisco supports the Microsoft client; the respective vendors support the other clients.
Bluefire offers a version of the Palm Treo that has an IPsec client that works with the Cisco ASA 5500 series.
Nokia provides support for Symbian on the Nokia 92xx Communicator series, Nokia 6600 and Nokia E61.
© 2007-2011 Cisco Systems, Inc. All rights reserved.

