Cisco Secure Client Mobile Platforms and Features
Android Supported Devices
Full support for Cisco Secure Client on Android is provided on devices running Android 4.0 (Ice Cream Sandwich) through the latest release of Android.
Cisco Secure Client on Kindle is available from Amazon for the Kindle Fire HD devices, and the New Kindle Fire. Cisco Secure Client for Kindle is equivalent in functionality to the Cisco Secure Client for Android package.
Per-App VPN is supported in managed and unmanaged environments. In a managed environment using Samsung KNOX MDM, Samsung devices running Android 4.3 or later with Samsung Knox 2.0, are required. When using Per App in an unmanaged environment, the generic Android methods are used.
For the Network Visibility Module (NVM) capabilities, Samsung devices that are running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later, are required. For configuration of NVM, the Cisco Secure Client Profile Editor from Cisco Secure Client 4.4.3 or later is also required. Earlier releases do not support mobile NVM configurations.
Apple iOS Supported Devices
Cisco Secure Client 5 is the latest and recommended version available on all iPhones, iPads, and iPod Touch devices running Apple iOS 10.3 and later.
 Note |
Cisco Secure Client on the iPod Touch appears and operates as on the iPhone. |
Google Chrome OS Supported Devices
Cisco Secure Client on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45.
Cisco Secure Client on Google Chromebook cannot be used from a standalone Chrome browser on another platform.
For all current Chromebooks, Cisco Secure Client for Android is officially supported and strongly recommended for the optimal experience on ChromeOS. The native ChromeOS client is intended only for legacy Chromebooks incapable of running Android applications.
Universal Windows Platform Supported Devices
Cisco Secure Client on Universal Windows Platform supports all UWP compatible devices including desktop.
Cisco Secure Client Mobile Platforms Feature Matrix
| Category: Feature | Android | Apple iOS | Chrome | Universal Windows Platform |
|---|---|---|---|---|
|
Deployment and Configuration: |
||||
| Install or upgrade from application store. | Yes | Yes | Yes | Yes |
| Cisco VPN Profile support (manual import) | Yes | Yes | Yes | No |
| Cisco VPN Profile support (import on connect) | Yes | Yes | Yes | No |
| MDM- configured connection entries | Yes | Yes | Yes | Yes |
| User-configured connection entries | Yes | Yes | Yes | Yes |
|
Tunneling: |
||||
| TLS | Yes | Yes | Yes | Yes |
| Datagram TLS (DTLS) | Yes | Yes | Yes |
Yes* |
| DTLS v1.2 | Yes | |||
| IPsec IKEv2 NAT-T | Yes | Yes | Yes | No |
| IKEv2 - raw ESP | Yes | No | No | No |
| Suite B (IPsec only) | Yes | Yes | No | No |
| TLS compression | Yes | Yes, 32-bit devices only | No | No |
| Dead peer detection | Yes | Yes | Yes | No |
| Tunnel keepalive | Yes | Yes | Yes | No |
| Multiple active network interfaces | No | No | No | No |
| Per-App Tunneling | Yes, Android 5.0+ or Samsung Knox | Yes, requires Cisco AnyConnect 4.0.09xxx and iOS 10.3 or later. | No | Yes, by MDM provisioning only |
|
Per-App Tunneling (Disallowed Apps Mode) |
Yes |
No |
No |
No |
| Multiple tunnel | No | Yes, with MDM configuration | No | No |
| Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). | Yes | Yes | Yes | Yes |
| Split tunnel (split include). | Yes | Yes | Yes | Yes |
| Local LAN (split exclude). | No | Yes | Yes | No |
| Split-DNS | Yes, works with split include. | Yes | No | Yes |
| Auto Reconnect / Network Roaming | Yes, regardless of the Auto Reconnect profile specification, Cisco Secure Client Mobile always attempts to maintain the VPN as users move between 3G and WiFi networks. | Yes | Yes, requires Chrome OS 51 or later and Cisco Secure Client 4.0.0113 or later. | Yes,if user remains on the same network and the network connection has not terminated. |
| VPN on-demand (triggered by destination) | No | Yes, compatible with Apple iOS Connect on Demand. | No | Yes |
| VPN on-demand (triggered by application) | No | Yes, when operating in Per-App VPN mode only. | No | No |
| Rekey | Yes | Yes | Yes | No |
| IPv4 public transport | Yes | Yes | Yes | Yes |
| IPv6 public transport | Yes, requires Android 5.0 or later. | Yes | No | Yes |
| IPv4 over IPv4 tunnel | Yes | Yes | Yes | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | No | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | No | Yes |
| IPv6 over IPv6 tunnel | Yes | Yes | No | Yes |
| Default domain | Yes | Yes | Yes | Yes |
| DNS server configuration | Yes | Yes | Yes | Yes |
| Private-side proxy support | Direct proxy support on Android 10+. PAC proxy support on Android 11+. See note below. | Yes | Yes, using ASA configured proxy PAC URL | Yes, limited support |
| Proxy Exceptions |
Yes |
Yes, but wildcard specifications not supported | No | No |
| Public-side proxy support | No | No | No | No |
| Pre-login banner | Yes | Yes | Yes | Yes |
| Post-login banner | Yes | Yes | Yes | Yes |
| DSCP Preservation | Yes | No | No | No |
|
Connecting and Disconnecting: |
||||
| VPN load balancing | Yes | Yes | Yes | Yes |
| Backup server list | Yes | Yes | Yes | No |
| Optimal Gateway Selection | No | No | No | No |
|
Authentication: |
||||
|
Biometric protection of client certificate |
Yes | Yes | No | No |
| SAML 2.0 | Yes | Yes | Yes | No |
| Client Certificate Authentication (RSA) | Yes | Yes | Yes | Yes |
| Client Certificate Authentication (ECDSA) | Yes | Yes | Yes | Yes |
| SAML + Client Certificate Requests | Yes | Yes | No | No |
| Certificate Revocation Checking | Online Certificate Status Protocol (OCSP) | either OCSP or CRL (Certificate Revocation List), depending on iOS version | No | No |
| Manual user certificate management | Yes | Yes | Yes, using Chrome device capabilities | Yes |
| Manual server certificate management | Yes | Yes | Yes | Yes |
| SCEP legacy enrollment: Deprecated | No | No | No | No |
| SCEP proxy enrollment Please confirm for your platform. | Yes | Yes | No | No |
| Automatic certificate selection | Yes | Yes | No | Yes |
| Manual certificate selection | Yes | Yes | Yes | No |
| Smart card support | No | No | No | No |
| Username and password | Yes | Yes | Yes | Yes |
| Tokens/challenge | Yes | Yes | Yes | Yes |
| Double authentication | Yes | Yes | Yes | Yes |
| Group URL (specified in server address) | Yes | Yes | Yes | Yes |
| Group selection (drop-down selection) | Yes | Yes | Yes | Yes |
| Credential prefill from user certificate | Yes | Yes | Yes | Yes |
| Save password | No | No | No | No |
| Umbrella User Identities | Yes | No | No | No |
|
User interface: |
||||
| Standalone GUI | Yes | Yes | Yes, limited functions | Yes, limited functions. |
| Native OS GUI | No | Yes, limited functions | Yes, limited functions | Yes |
| API / URI Handler (see below) | Yes | Yes | No | No |
| UI customization | No | No | No | No |
| UI localization | Yes, app contains pre-packaged languages. | Yes, app contains pre-packaged languages. | No | No |
| User preferences | Yes | Yes | Yes | Partial |
| Cisco Secure Client specific status icon | Optional | No | No | No |
| Dark mode | No | Yes | No | No |
|
Mobile Posture: (AnyConnect Identity Extensions, ACIDex) |
||||
| Serial number or unique ID check | Yes | Yes | No | No |
| OS and Cisco Secure Client version shared with headend | Yes | Yes | Yes | Yes |
| Siri support | No | Yes | No | No |
|
Cisco Secure Client Network Visibility Module support |
Yes, with specific Samsung Knox and MDM requirements. |
No | No | No |
| Ability to restrict the exporting of NVM flows | Yes | No | No | No |
|
Ability to securely send data to the collector over DTLS |
Yes |
No |
No |
No |
|
URI Handling: |
||||
| QR code scanning | Yes | No | No | No |
| Add connection entry | Yes | Yes | No | No |
| Connect to a VPN | Yes | Yes | No | No |
| Credential pre-fill on connect | Yes | Yes | No | No |
| Disconnect VPN | Yes | Yes | No | No |
| Import certificate | Yes | Yes | No | No |
| Import localization data | Yes | Yes | No | No |
| Import XML client profile | Yes | Yes | No | No |
| External (user) control of URI commands | Yes | Yes | No | No |
|
Reporting and Troubleshooting: |
||||
| Statistics | Yes | Yes | Yes | No |
| Logging / Diagnostic Information (DART) | Yes | Yes | Yes | Yes, Field Medic app required |
|
Certifications: |
||||
| FIPS 140-2 Level 1 | Yes | Yes | No | No |
Note |
Before deploying a PAC proxy configuration for Cisco Secure Client on Android, please ensure that your applications are compatible with PAC proxy. For DTLS support with UWP, refer to the Release Notes for Cisco Secure Client (including AnyConnect), Release 5 for Universal Windows Platform for some known limitations. |
Cisco Secure Client Mobile Related Documentation
For more information refer to the following documentation:
Additional information on using VPN connections with Apple iOS devices is available from Apple:
Feedback