AnyConnect Mobile Platforms and Features
Android Supported Devices
Full support for Cisco AnyConnect on Android is provided on devices running Android 4.0 (Ice Cream Sandwich) through the latest release of Android.
Cisco AnyConnect on Kindle is available from Amazon for Kindle Fire HD devices and the New Kindle Fire. AnyConnect for Kindle is equivalent in functionality to the AnyConnect for Android package.
Per App VPN is supported in managed and unmanaged environments. A managed environment using Samsung KNOX MDM requires Samsung devices running Android 4.3 or later with Samsung Knox 2.0. In an unmanaged environment, Per App VPN uses the generic Android methods.
The Network Visibility Module (NVM) capabilities require Samsung devices running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later. Configuring NVM also requires the AnyConnect Profile Editor from AnyConnect 4.4.3 or later. Earlier releases do not support mobile NVM configurations.
See Android User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.6 for installation and upgrade procedures.
Apple iOS Devices Supported
Cisco AnyConnect 4.0.07x and later is the latest and recommended version available on all iPhones, iPads, and iPod Touch devices running Apple iOS 10.3 and later.
If a device does not support Apple iOS 10.3 or later, only Legacy AnyConnect 4.0.05x, available on all iPhones, iPads, and iPod Touch devices running Apple iOS 6.0 and later, can be used. Per App tunneling in Legacy AnyConnect requires Apple iOS 8.3 or later.
AnyConnect on the iPod Touch appears and operates as on the iPhone.
BlackBerry Supported Devices
Full support for Cisco AnyConnect on BlackBerry is provided on devices running BlackBerry OS 10.3.2 and later. For the best AnyConnect experience, Cisco strongly recommends you upgrade your device to 10.3.2.
See BlackBerry User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures.
Google Chrome OS Supported Devices
Cisco AnyConnect on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45 (currently available on the Google Chrome Dev channel).
AnyConnect on Google Chromebook cannot be used from a standalone Chrome browser on another platform.
Many new Chromebooks are capable of supporting Android applications. While the Cisco AnyConnect on Android application can run on a Chromebook with this support, the OS only tunnels Android applications when using Android AnyConnect. At this time, we recommend only using the Chrome version of AnyConnect on Chromebooks. It is our expectation that this will change in the future when the Android application becomes the primary version for these Chromebooks, but this is not the case today.
See Google Chrome OS User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures.
Windows Phone Supported Devices
Windows 10 Mobile Support
AnyConnect on Windows Mobile or Windows Phone is supported on mobile devices that run Microsoft Windows 10 Mobile.
Windows 10 Mobile is not intended for non-mobile Windows 10 devices. Cisco has a fully featured version of AnyConnect available for non-mobile devices, which is not distributed in the Windows store.
Windows Phone 8.1 Support
Effective December 31, 2017, Cisco will no longer provide AnyConnect for Windows Phone 8.1 for new downloads in the Windows App Store. Microsoft has previously announced End of Support for this operating system: https://support.microsoft.com/en-us/help/4001737/products-reaching-end-of-support-for-2017.
Until December 31, 2017, AnyConnect is also supported on mobile devices that run Microsoft Windows Phone 8.1 Update, which includes the following versions: 8.10.14141.167, 8.10.14147.180, 8.10.14157.200, 8.10.14176.243, 8.10.14192.280, 8.10.14203.206, 8.10.14219.341, or 8.10.14226.359. The OS on the phone must be one of the listed versions for AnyConnect to work properly.
Users can verify their OS version on their device. For more OS version information, see Microsoft's Windows Phone 8.1 update history.
Earlier versions of Windows Phone 8.1 will allow AnyConnect installation, but it will not operate or be available to configure under.
See Windows Phone User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.1.x for installation and upgrade procedures.
AnyConnect Mobile Platforms Feature Matrix
| Category: Feature | Android VPN | Apple iOS | BlackBerry | Chrome | Windows Phone |
|---|---|---|---|---|---|
| **Deployment and Configuration:** | | | | | |
| Install or upgrade from application store. | Yes | Yes | Yes | Yes | Yes |
| Cisco VPN Profile support (manual import) | Yes | Yes | No | Yes | No |
| Cisco VPN Profile support (import on connect) | Yes | Yes | Yes, new profile overwrites existing one. | Yes | No |
| MDM configured connection entries | Yes | Yes | Yes, using BDS, new profile overwrites existing one. | Yes | Yes |
| User-configured connection entries | Yes | Yes | Yes | Yes | Yes |
| Datagram TLS (DTLS) | Yes | Yes | Yes | Yes | No |
| IPsec IKEv2 NAT-T | Yes | Yes | Yes, must be enabled and configured on the device by the user. Only EAP authentication is supported. | Yes | No |
| IKEv2 - raw ESP | Yes | No | No | No | No |
| Suite B (IPsec only) | Yes | Yes | Yes | No | No |
| TLS compression | Yes | Yes, 32-bit devices only | Yes | No | No |
| Dead peer detection | Yes | Yes | Yes, disabled by default. If no response is received to three DPD packets in a row, the device closes the tunnel or the ASA suspends the tunnel until DPD exchange is re-established. | Yes | No |
| Tunnel keepalive | Yes | Yes | Yes, disabled by default. | Yes | No |
| Multiple active network interfaces | No | No | No | No | No |
| Per App Tunneling | Yes, Android 5.0+ or Samsung Knox | Yes, requires Cisco AnyConnect 4.0.09xxx and iOS 10.3 or later. | No | No | No |
| Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). | Yes | Yes | Yes | Yes | Yes |
| Split tunnel (split include). | Yes | Yes | Yes | Yes | Yes |
| Local LAN (split exclude). | No | Yes | No | Yes | No, defect in Windows Phone 8.1. |
| Split-DNS | Yes, works with split include. | Yes | Yes. Until BlackBerry supports more than 2 DNS servers, the Admin can configure only one private DNS server on the ASA end. | No | Yes |
| Auto Reconnect / Network Roaming | Yes, regardless of the Auto Reconnect profile specification, AnyConnect Mobile always attempts to maintain the VPN as users move between 3G and WiFi networks. | Yes | Yes, BBRY OS feature. When enabled, the VPN connection is automatically established. This may require the user to re-enter credentials. | Yes, requires Chrome OS 51 or later and Cisco AnyConnect 4.0.0113 or later. | Yes, if user remains on the same network and the network connection has not terminated. |
| VPN on-demand (triggered by destination) | No | Yes, compatible with Apple iOS Connect on Demand. | No | No | Yes |
| VPN on-demand (triggered by application) | No | Yes, when operating in Per App VPN mode only. | No | No | No |
| Rekey | Yes | Yes | Yes, for TLS and DTLS inline (same socket) and new-tunnels (new socket). | Yes | Yes, initiated by gateway only. |
| IPv4 public transport | Yes | Yes | Yes | Yes | Yes |
| IPv6 public transport | Yes, requires Android 5.0 or later. | Yes | No | No | Yes |
| IPv4 over IPv4 tunnel | Yes | Yes | Yes | Yes | Yes |
| IPv6 over IPv4 tunnel | Yes | Yes | No | No | Yes |
| IPv6 over IPv6 tunnel | Yes | Yes | No | No | Yes |
| DNS server configuration | Yes | Yes | Yes, max of 2 | Yes | Yes |
| Private-side proxy support | No, WiFi proxies are disabled when the VPN is established. | Yes | Yes, for URL, HTTP and HTTPS. These take precedence over other proxy settings pushed to the device. FTP and Auto proxy are not supported. | Yes, using ASA configured proxy PAC URL | Yes, limited support in Windows Phone 8.1. |
| Proxy Exceptions | No | Yes, but wildcard specifications not supported | No | No | No |
| Public-side proxy support | No | No | No | No | No |
| Pre-login banner | Yes | Yes | Yes, if BlackBerry's Auto-Connect is enabled. A banner is shown only once for the session. If BDS pushes credentials to the device, banners may not be shown. | Yes | Yes |
| **Connecting and Disconnecting:** | | | | | |
| VPN load balancing | Yes | Yes | Yes | Yes | Yes |
| Backup server list | Yes | Yes | Yes | Yes | No |
| Optimal Gateway Selection | No | No | No | No | No |
| Client Certificate Authentication | Yes | Yes | Yes | Yes | Yes |
| Online Certificate Status Protocol (OCSP) | Yes | No | No | No | No |
| Manual user certificate management | Yes | Yes | Yes, using BBRY device capabilities. | Yes, using Chrome device capabilities | Yes, using Windows Phone capabilities. |
| Manual server certificate management | Yes | Yes | Yes, using BBRY device capabilities. | Yes | Yes |
| SCEP legacy enrollment (please confirm for your platform) | Yes | Yes | Yes, if enabled, these obtained certificates override BDS pushed certificates. BDS may disable this feature. | No | No |
| SCEP proxy enrollment (please confirm for your platform) | Yes | Yes | Yes | No | No |
| Automatic certificate selection | Yes | Yes | No | No | Yes |
| Manual certificate selection | Yes | Yes | Yes | Yes | No |
| Smart card support | No | No | No | No | No |
| Username and password | Yes | Yes | Yes, also pushed in BDS VPN Profile. | Yes | Yes |
| Group URL (specified in server address) | Yes | Yes | Yes | Yes | Yes |
| Group selection (drop-down selection) | Yes | Yes | Yes | Yes | Yes |
| Credential prefill from user certificate | Yes | Yes | Yes, AnyConnect or BDS | Yes | Yes |
| Save password | No | No | Yes, by BDS, AnyConnect does not save passwords. | No | No |
| Standalone GUI | Yes | Yes | No | Yes, limited functions. | Yes, limited functions. |
| Native OS GUI | No | Yes, limited functions | Yes | Yes, limited functions. | Yes |
| API / URI Handler (see below) | Yes | Yes | No | No | No |
| UI localization | Yes, app contains pre-packaged languages. | Yes, app contains pre-packaged languages. | No | No | No |
| Home screen widgets for one-click VPN access | Yes | No | No | No | No |
| AnyConnect specific status icon | Optional | No | No | No | No |
| **Mobile Posture: (AnyConnect Identity Extensions, ACIDex)** | | | | | |
| Serial number or unique ID check | Yes | Yes | No | No | No |
| OS and AnyConnect version shared with headend | Yes | Yes | Yes | Yes | Yes |
| AnyConnect NVM support | Yes, with specific Samsung Knox and MDM requirements. | | | | |
| Add connection entry | Yes | Yes | No | No | No |
| Connect to a VPN | Yes | Yes | No | No | No |
| Credential pre-fill on connect | Yes | Yes | No | No | No |
| Import localization data | Yes | Yes | No | No | No |
| Import XML client profile | Yes | Yes | No | No | No |
| External (user) control of URI commands | Yes | Yes | No | No | No |
| **Reporting and Troubleshooting:** | | | | | |
| Logging / Diagnostic Information (DART) | Yes | Yes | Yes | Yes | Yes, Field Medic app required. |
| FIPS 140-2 Level 1 | Yes | Yes | No | No | No |