Cisco Secure Client Mobile Platforms and Features
Android Supported Devices
Full support for Cisco Secure Client on Android is provided on devices running Android 4.4 (KitKat) through the latest release of Android.
Cisco Secure Client on Kindle is available from Amazon for the Kindle Fire HD devices, and the New Kindle Fire. Cisco Secure Client for Kindle is equivalent in functionality to the Cisco Secure Client for Android package.
ChromeOS Flex is supported and is configured and utilized the same way as ChromeOS.
Per-App VPN is supported in managed and unmanaged environments. In a managed environment using Samsung KNOX MDM, Samsung devices running Android 4.3 or later with Samsung Knox 2.0, are required. When using Per App in an unmanaged environment, the generic Android methods are used.
For the Zero Trust Access feature available as an application downloaded separately from Cisco Secure Client, you must have a device running Android 14 with Samsung Knox 3.10 (or later). The Samsung Knox Service Plugin (KSP) is also available in the Google Play Store and is required when configuring an MDM vendor (such as Ivanti MobileIron) for device enrollment with Zero Trust.
For the Network Visibility Module (NVM) capabilities, Samsung devices that are running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later, are required. Earlier releases do not support mobile NVM configurations.
Apple iOS Supported Devices
Cisco Secure Client 5.x is the latest and recommended version available on all iPhones and iPads devices running Apple iOS 13.0 and later.
For the Zero Trust Access feature available as an application download separately from Cisco Secure Client, you must have a device running iOS/iPadOS 17.2 (or later).
Google Chrome OS Supported Devices
Cisco Secure Client on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45.
Cisco Secure Client on Google Chromebook cannot be used from a standalone Chrome browser on another platform.
For all current Chromebooks, Cisco Secure Client for Android is officially supported and strongly recommended for the optimal experience on ChromeOS. The native ChromeOS client is intended only for legacy Chromebooks incapable of running Android applications.
Universal Windows Platform Supported Devices
Cisco Secure Client on Universal Windows Platform supports all UWP compatible devices including desktop.
Cisco Secure Client Mobile Platforms Feature Matrix
| Category: Feature | Android | Apple iOS | Universal Windows Platform |
|---|---|---|---|
|
Zero Trust Access |
Yes |
Yes |
No |
|
Deployment and Configuration: |
|||
| Install or upgrade from application store. | Yes | Yes | Yes |
| Cisco VPN Profile support (manual import) | Yes | Yes | No |
| Cisco VPN Profile support (import on connect) | Yes | Yes | No |
| MDM- configured connection entries | Yes | Yes | Yes |
| User-configured connection entries | Yes | Yes | Yes |
|
Tunneling: |
|||
| TLS | Yes | Yes | Yes |
| Datagram TLS (DTLS) | Yes | Yes |
Yes* |
| DTLS v1.2 | Yes | ||
| IPsec IKEv2 NAT-T | Yes | Yes | No |
| IKEv2 - raw ESP | Yes | No | No |
| Suite B (IPsec only) | Yes | Yes | No |
| TLS compression | Yes | Yes, 32-bit devices only | No |
| Dead peer detection | Yes | Yes | No |
| Tunnel keepalive | Yes | Yes | No |
| Multiple active network interfaces | No | No | No |
| Per-App Tunneling | Yes, Android 5.0+ or Samsung Knox | Yes, requires Cisco Secure Client 5.x and iOS 10.3 or later. | Yes, by MDM provisioning only |
|
Per-App Tunneling (Disallowed Apps Mode) |
Yes |
No |
No |
| Multiple tunnel | No | Yes, with MDM configuration | No |
| Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). | Yes | Yes | Yes |
| Split tunnel (split include). | Yes | Yes | Yes |
| Local LAN (split exclude). | No | Yes | No |
| Split-DNS | Yes, works with split include. | Yes | Yes |
| Auto Reconnect / Network Roaming | Yes, regardless of the Auto Reconnect profile specification, Secure Client always attempts to maintain the VPN as users move between 3G and WiFi networks. | Yes | Yes,if user remains on the same network and the network connection has not terminated. |
| VPN on-demand (triggered by destination) | No | Yes, compatible with Apple iOS Connect on Demand. | Yes |
| VPN on-demand (triggered by application) | No | Yes, when operating in Per-App VPN mode only. | No |
| Rekey | Yes | Yes | No |
| IPv4 public transport | Yes | Yes | Yes |
| IPv6 public transport | Yes, requires Android 5.0 or later. | Yes | Yes |
| IPv4 over IPv4 tunnel | Yes | Yes | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | Yes |
| IPv6 over IPv6 tunnel | Yes | Yes | Yes |
| Default domain | Yes | Yes | Yes |
| DNS server configuration | Yes | Yes | Yes |
| Private-side proxy support | Direct proxy support on Android 10+. PAC proxy support on Android 11+. See note below. | Yes | Yes, limited support |
| Proxy Exceptions |
Yes |
Yes, but wildcard specifications not supported | No |
| Public-side proxy support | No | No | No |
| Pre-login banner | Yes | Yes | Yes |
| Post-login banner | Yes | Yes | Yes |
| DSCP Preservation | Yes | No | No |
|
Connecting and Disconnecting: |
|||
| VPN load balancing | Yes | Yes | Yes |
| Backup server list | Yes | Yes | No |
| Optimal Gateway Selection | No | No | No |
|
Authentication: |
|||
|
Biometric protection of client certificate |
Yes | Yes | No |
| SAML 2.0 | Yes | Yes | No |
| Client Certificate Authentication (RSA) | Yes | Yes | Yes |
| Client Certificate Authentication (ECDSA) | Yes | Yes | Yes |
| SAML + Client Certificate Requests | Yes | Yes | No |
| Certificate Revocation Checking | Online Certificate Status Protocol (OCSP) | either OCSP or CRL (Certificate Revocation List), depending on iOS version | No |
| Manual user certificate management | Yes | Yes | Yes |
| Manual server certificate management | Yes | Yes | Yes |
| SCEP legacy enrollment: Deprecated | No | No | No |
| SCEP proxy enrollment Please confirm for your platform. | Yes | Yes | No |
| Automatic certificate selection | Yes | Yes | Yes |
| Manual certificate selection | Yes | Yes | No |
| Smart card support | No | No | No |
| Username and password | Yes | Yes | Yes |
| Tokens/challenge | Yes | Yes | Yes |
| Double authentication | Yes | Yes | Yes |
| Group URL (specified in server address) | Yes | Yes | Yes |
| Group selection (drop-down selection) | Yes | Yes | Yes |
| Credential prefill from user certificate | Yes | Yes | Yes |
| Save password | No | No | No |
| Umbrella User Identities | Yes | No | No |
|
User interface: |
|||
| Standalone GUI | Yes | Yes | Yes, limited functions. |
| Native OS GUI | No | Yes, limited functions | Yes |
| API / URI Handler (see below) | Yes | Yes | No |
| UI customization | No | No | No |
| UI localization | Yes, app contains pre-packaged languages. | Yes, app contains pre-packaged languages. | No |
| User preferences | Yes | Yes | Partial |
| Secure Client specific status icon | Optional | No | No |
| Dark mode | No | Yes | No |
|
Mobile Posture: (Secure Client Identity Extensions, ACIDex) |
|||
| Serial number or unique ID check | Yes | Yes | No |
| OS and Secure Client version shared with headend | Yes | Yes | Yes |
| Siri support | No | Yes | No |
|
Secure Client Network Visibility Module support |
Yes, with specific Samsung Knox and MDM requirements. |
No | No |
| Ability to restrict the exporting of NVM flows | Yes | No | No |
|
Ability to securely send data to the collector over DTLS |
Yes |
No |
No |
|
URI Handling: |
|||
| QR code scanning | Yes | No | No |
| Add connection entry | Yes | Yes | No |
| Connect to a VPN | Yes | Yes | No |
| Credential pre-fill on connect | Yes | Yes | No |
| Disconnect VPN | Yes | Yes | No |
| Import certificate | Yes | Yes | No |
| Import localization data | Yes | Yes | No |
| Import XML client profile | Yes | Yes | No |
| External (user) control of URI commands | Yes | Yes | No |
|
Reporting and Troubleshooting: |
|||
| Statistics | Yes | Yes | No |
| Logging / Diagnostic Information (DART) | Yes | Yes | Yes, Field Medic app required |
|
Certifications: |
|||
| FIPS 140-2 Level 1 | Yes | Yes | No |
 Note |
Before deploying a PAC proxy configuration for Cisco Secure Client on Android, please ensure that your applications are compatible with PAC proxy. For DTLS support with UWP, refer to the Release Notes for Cisco Secure Client (including AnyConnect), Release 5 for Universal Windows Platform for some known limitations. |
Cisco Secure Client Mobile Related Documentation
For more information refer to the following documentation:
Additional information on using VPN connections with Apple iOS devices is available from Apple:
Feedback