AnyConnect Mobile Platforms and Features

Android Supported Devices

Full support for Cisco AnyConnect on Android is provided on devices running Android 4.0 (Ice Cream Sandwich) through the latest release of Android.

Cisco AnyConnect on Kindle is available from Amazon for the Kindle Fire HD devices, and the New Kindle Fire. AnyConnect for Kindle is equivalent in functionality to the AnyConnect for Android package.

Per App VPN is supported in managed and unmanaged environments. In a managed environment using Samsung KNOX MDM, Samsung devices running Android 4.3 or later with Samsung Knox 2.0, are required. When using Per App in an unmanaged environment, the generic Android methods are used.

For the Network Visibility Module (NVM) capabilities, Samsung devices that are running Samsung Knox 2.8 or later (including 3.2), which requires Android 7.0 or later, are required. For configuration of NVM, the AnyConnect Profile Editor from AnyConnect 4.4.3 or later is also required. Earlier releases do not support mobile NVM configurations.

Apple iOS Supported Devices

Cisco AnyConnect 4.10 is the latest and recommended version available on all iPhones, iPads, and iPod Touch devices running Apple iOS 10.3 and later.

If a device does not support Apple iOS 10.3 or later, only Legacy AnyConnect 4.0.05x , available on all iPhones, iPads, and iPod Touch devices running Apple iOS 6.0 and later, can be used. Per App tunneling in Legacy AnyConnect requires Apple iOS 8.3 or later.


AnyConnect on the iPod Touch appears and operates as on the iPhone.

Google Chrome OS Supported Devices

Cisco AnyConnect on Google Chromebook requires Chrome OS 43 or later. Stability and feature enhancements are available in Chrome OS 45.

AnyConnect on Google Chromebook cannot be used from a standalone Chrome browser on another platform.

For all current Chromebooks, AnyConnect for Android is officially supported and strongly recommended for the optimal AnyConnect experience on ChromeOS. The native ChromeOS client is intended only for legacy Chromebooks incapable of running Android applications.

AnyConnect Mobile Platforms Feature Matrix

Category: Feature Android Apple iOS Chrome Universal Windows Platform

Deployment and Configuration:

Install or upgrade from application store. Yes Yes Yes Yes
Cisco VPN Profile support (manual import) Yes Yes Yes No
Cisco VPN Profile support (import on connect) Yes Yes Yes No
MDM configured connection entries Yes Yes Yes Yes
User-configured connection entries Yes Yes Yes Yes


TLS Yes Yes Yes Yes
Datagram TLS (DTLS) Yes Yes Yes No
DTLS v1.2 Yes
IPsec IKEv2 NAT-T Yes Yes Yes No
IKEv2 - raw ESP Yes No No No
Suite B (IPsec only) Yes Yes No No
TLS compression Yes Yes, 32-bit devices only No No
Dead peer detection Yes Yes Yes No
Tunnel keepalive Yes Yes Yes No
Multiple active network interfaces No No No No
Per App Tunneling Yes, Android 5.0+ or Samsung Knox Yes, requires Cisco AnyConnect 4.0.09xxx and iOS 10.3 or later. No Yes, by MDM provisioning only
Multiple tunnel No Yes, with MDM configuration No No
Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store). Yes Yes Yes Yes
Split tunnel (split include). Yes Yes Yes Yes
Local LAN (split exclude). No Yes Yes No
Split-DNS Yes, works with split include. Yes No Yes
Auto Reconnect / Network Roaming Yes, regardless of the Auto Reconnect profile specification, AnyConnect Mobile always attempts to maintain the VPN as users move between 3G and WiFi networks. Yes Yes, requires Chrome OS 51 or later and Cisco AnyConnect 4.0.0113 or later. Yes,if user remains on the same network and the network connection has not terminated.
VPN on-demand (triggered by destination) No Yes, compatible with Apple iOS Connect on Demand. No Yes
VPN on-demand (triggered by application) No Yes, when operating in Per App VPN mode only. No No
Rekey Yes Yes Yes No
IPv4 public transport Yes Yes Yes Yes
IPv6 public transport Yes, requires Android 5.0 or later. Yes No Yes
IPv4 over IPv4 tunnel Yes Yes Yes Yes
IPv6 over IPv4 tunnel Yes Yes No Yes
IPv6 over IPv4 tunnel Yes Yes No Yes
IPv6 over IPv6 tunnel Yes Yes No Yes
Default domain Yes Yes Yes Yes
DNS server configuration Yes Yes Yes Yes
Private-side proxy support No, WiFi proxies are disabled when the VPN is established. Yes Yes, using ASA configured proxy PAC URL Yes, limited support
Proxy Exceptions No Yes, but wildcard specifications not supported No No
Public-side proxy support No No No No
Pre-login banner Yes Yes Yes Yes
Post-login banner Yes Yes Yes Yes
DSCP Preservation Yes No No No

Connecting and Disconnecting:

VPN load balancing Yes Yes Yes Yes
Backup server list Yes Yes Yes No
Optimal Gateway Selection No No No No


Biometric protection of client certificate

Yes Yes No No
SAML 2.0 Yes Yes Yes No
Client Certificate Authentication (RSA) Yes Yes Yes Yes
Client Certificate Authentication (ECDSA) Yes Yes Yes Yes
SAML + Client Certificate Requests Yes Yes No No
Certificate Revocation Checking Online Certificate Status Protocol (OCSP) either OCSP or CRL (Certificate Revocation List), depending on iOS version No No
Manual user certificate management Yes Yes Yes, using Chrome device capabilities Yes
Manual server certificate management Yes Yes Yes Yes
SCEP legacy enrollment: Deprecated No No No No
SCEP proxy enrollment Please confirm for your platform. Yes Yes No No
Automatic certificate selection Yes Yes No Yes
Manual certificate selection Yes Yes Yes No
Smart card support No No No No
Username and password Yes Yes Yes Yes
Tokens/challenge Yes Yes Yes Yes
Double authentication Yes Yes Yes Yes
Group URL (specified in server address) Yes Yes Yes Yes
Group selection (drop-down selection) Yes Yes Yes Yes
Credential prefill from user certificate Yes Yes Yes Yes
Save password No No No No
Umbrella User Identities Yes No No No

User interface:

Standalone GUI Yes Yes Yes, limited functions Yes, limited functions.
Native OS GUI No Yes, limited functions Yes, limited functions Yes
API / URI Handler (see below) Yes Yes No No
UI customization No No No No
UI localization Yes, app contains pre-packaged languages. Yes, app contains pre-packaged languages. No No
User preferences Yes Yes Yes Partial
AnyConnect specific status icon Optional No No No
Dark mode No Yes No No

Mobile Posture: (AnyConnect Identity Extensions, ACIDex)

Serial number or unique ID check Yes Yes No No
OS and AnyConnect version shared with headend Yes Yes Yes Yes
Siri support No Yes No No

AnyConnect NVM support

Yes, with specific Samsung Knox and MDM requirements.

No No No
Ability to restrict the exporting of NVM flows Yes No No No

Ability to securely send data to the collector over DTLS





URI Handling:

QR code scanning Yes No No No
Add connection entry Yes Yes No No
Connect to a VPN Yes Yes No No
Credential pre-fill on connect Yes Yes No No
Disconnect VPN Yes Yes No No
Import certificate Yes Yes No No
Import localization data Yes Yes No No
Import XML client profile Yes Yes No No
External (user) control of URI commands Yes Yes No No

Reporting and Troubleshooting:

Statistics Yes Yes Yes No
Logging / Diagnostic Information (DART) Yes Yes Yes Yes, Field Medic app required


FIPS 140-2 Level 1 Yes Yes No No