Cisco Secure Client Mobile Platforms and Features

Android Supported Devices

Full support for Cisco Secure Client on Android is provided on devices running Android 4.0 (Ice Cream Sandwich) through the latest release of Android.

Cisco Secure Client on Kindle is available from Amazon for the Kindle Fire HD devices, and the New Kindle Fire. Cisco Secure Client for Kindle is equivalent in functionality to the Cisco Secure Client for Android package.

Per-App VPN is supported in managed and unmanaged environments. In a managed environment using Samsung KNOX MDM, Samsung devices running Android 4.3 or later with Samsung Knox 2.0, are required. When using Per App in an unmanaged environment, the generic Android methods are used.

For the Network Visibility Module (NVM) capabilities, Samsung devices that are running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later, are required. For configuration of NVM, the Cisco Secure Client Profile Editor from Cisco Secure Client 4.4.3 or later is also required. Earlier releases do not support mobile NVM configurations.

Apple iOS Supported Devices

Cisco Secure Client 5.0 is the latest and recommended version available on all iPhones, iPads, and iPod Touch devices running Apple iOS 10.3 and later.


Note

Cisco Secure Client on the iPod Touch appears and operates as on the iPhone.


Google Chrome OS Supported Devices

Cisco Secure Client on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45.

Cisco Secure Client on Google Chromebook cannot be used from a standalone Chrome browser on another platform.

For all current Chromebooks, Cisco Secure Client for Android is officially supported and strongly recommended for the optimal experience on ChromeOS. The native ChromeOS client is intended only for legacy Chromebooks incapable of running Android applications.

Cisco Secure Client Mobile Platforms Feature Matrix

Category: Feature Android Apple iOS Chrome Universal Windows Platform

Deployment and Configuration:

Install or upgrade from application store. Yes Yes Yes Yes
Cisco VPN Profile support (manual import) Yes Yes Yes No
Cisco VPN Profile support (import on connect) Yes Yes Yes No
MDM- configured connection entries Yes Yes Yes Yes
User-configured connection entries Yes Yes Yes Yes

Tunneling:

TLS Yes Yes Yes Yes
Datagram TLS (DTLS) Yes Yes Yes No
DTLS v1.2 Yes
IPsec IKEv2 NAT-T Yes Yes Yes No
IKEv2 - raw ESP Yes No No No
Suite B (IPsec only) Yes Yes No No
TLS compression Yes Yes, 32-bit devices only No No
Dead peer detection Yes Yes Yes No
Tunnel keepalive Yes Yes Yes No
Multiple active network interfaces No No No No
Per-App Tunneling Yes, Android 5.0+ or Samsung Knox Yes, requires Cisco AnyConnect 4.0.09xxx and iOS 10.3 or later. No Yes, by MDM provisioning only

Per-App Tunneling (Disallowed Apps Mode)

Yes

No

No

No

Multiple tunnel No Yes, with MDM configuration No No
Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). Yes Yes Yes Yes
Split tunnel (split include). Yes Yes Yes Yes
Local LAN (split exclude). No Yes Yes No
Split-DNS Yes, works with split include. Yes No Yes
Auto Reconnect / Network Roaming Yes, regardless of the Auto Reconnect profile specification, Cisco Secure Client Mobile always attempts to maintain the VPN as users move between 3G and WiFi networks. Yes Yes, requires Chrome OS 51 or later and Cisco Secure Client 4.0.0113 or later. Yes,if user remains on the same network and the network connection has not terminated.
VPN on-demand (triggered by destination) No Yes, compatible with Apple iOS Connect on Demand. No Yes
VPN on-demand (triggered by application) No Yes, when operating in Per-App VPN mode only. No No
Rekey Yes Yes Yes No
IPv4 public transport Yes Yes Yes Yes
IPv6 public transport Yes, requires Android 5.0 or later. Yes No Yes
IPv4 over IPv4 tunnel Yes Yes Yes Yes
IPv6 over IPv4 tunnel Yes Yes No Yes
IPv6 over IPv4 tunnel Yes Yes No Yes
IPv6 over IPv6 tunnel Yes Yes No Yes
Default domain Yes Yes Yes Yes
DNS server configuration Yes Yes Yes Yes
Private-side proxy support Direct proxy support on Android 10+. PAC proxy support on Android 11+. See note below. Yes Yes, using ASA configured proxy PAC URL Yes, limited support
Proxy Exceptions No Yes, but wildcard specifications not supported No No
Public-side proxy support No No No No
Pre-login banner Yes Yes Yes Yes
Post-login banner Yes Yes Yes Yes
DSCP Preservation Yes No No No

Connecting and Disconnecting:

VPN load balancing Yes Yes Yes Yes
Backup server list Yes Yes Yes No
Optimal Gateway Selection No No No No

Authentication:

Biometric protection of client certificate

Yes Yes No No
SAML 2.0 Yes Yes Yes No
Client Certificate Authentication (RSA) Yes Yes Yes Yes
Client Certificate Authentication (ECDSA) Yes Yes Yes Yes
SAML + Client Certificate Requests Yes Yes No No
Certificate Revocation Checking Online Certificate Status Protocol (OCSP) either OCSP or CRL (Certificate Revocation List), depending on iOS version No No
Manual user certificate management Yes Yes Yes, using Chrome device capabilities Yes
Manual server certificate management Yes Yes Yes Yes
SCEP legacy enrollment: Deprecated No No No No
SCEP proxy enrollment Please confirm for your platform. Yes Yes No No
Automatic certificate selection Yes Yes No Yes
Manual certificate selection Yes Yes Yes No
Smart card support No No No No
Username and password Yes Yes Yes Yes
Tokens/challenge Yes Yes Yes Yes
Double authentication Yes Yes Yes Yes
Group URL (specified in server address) Yes Yes Yes Yes
Group selection (drop-down selection) Yes Yes Yes Yes
Credential prefill from user certificate Yes Yes Yes Yes
Save password No No No No
Umbrella User Identities Yes No No No

User interface:

Standalone GUI Yes Yes Yes, limited functions Yes, limited functions.
Native OS GUI No Yes, limited functions Yes, limited functions Yes
API / URI Handler (see below) Yes Yes No No
UI customization No No No No
UI localization Yes, app contains pre-packaged languages. Yes, app contains pre-packaged languages. No No
User preferences Yes Yes Yes Partial
Cisco Secure Client specific status icon Optional No No No
Dark mode No Yes No No

Mobile Posture: (AnyConnect Identity Extensions, ACIDex)

Serial number or unique ID check Yes Yes No No
OS and Cisco Secure Client version shared with headend Yes Yes Yes Yes
Siri support No Yes No No

Cisco Secure Client Network Visibility Module support

Yes, with specific Samsung Knox and MDM requirements.

No No No
Ability to restrict the exporting of NVM flows Yes No No No

Ability to securely send data to the collector over DTLS

Yes

No

No

No

URI Handling:

QR code scanning Yes No No No
Add connection entry Yes Yes No No
Connect to a VPN Yes Yes No No
Credential pre-fill on connect Yes Yes No No
Disconnect VPN Yes Yes No No
Import certificate Yes Yes No No
Import localization data Yes Yes No No
Import XML client profile Yes Yes No No
External (user) control of URI commands Yes Yes No No

Reporting and Troubleshooting:

Statistics Yes Yes Yes No
Logging / Diagnostic Information (DART) Yes Yes Yes Yes, Field Medic app required

Certifications:

FIPS 140-2 Level 1 Yes Yes No No

Note

Before deploying a PAC proxy configuration for Cisco Secure Client on Android, please ensure that your applications are compatible with PAC proxy.