AnyConnect for Universal Windows Platform Release Notes

AnyConnect for Universal Windows Platform

The AnyConnect Secure Mobility Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series. It provides seamless and secure remote access to enterprise networks, allowing installed applications to communicate as though connected directly to the enterprise network. AnyConnect supports connections to IPv4 and IPv6 resources over an IPv4 or IPv6 tunnel.

This document, written for system administrators of the AnyConnect Secure Mobility Client and the Adaptive Security Appliance (ASA) 5500, supplements the Cisco AnyConnect Mobile Platforms Administrator Guide, Release 4.1, and provides release-specific information for AnyConnect running on Universal Windows Platform.

The AnyConnect app is available on the Windows Store only. Cisco does not distribute AnyConnect mobile apps, and you cannot deploy the mobile app from the ASA. You can deploy other releases of AnyConnect for desktop devices from the ASA while supporting this mobile release.

AnyConnect Mobile Support Policy

Cisco supports the AnyConnect version that is currently available in the app store; however, fixes and enhancements are provided only in the most recently released version.

AnyConnect Licensing

An AnyConnect 4.x Plus or Apex license is required to connect to the ASA headend. Trial licenses are available; see the Cisco AnyConnect Ordering Guide.

For the latest end-user license agreement, see Cisco End User License Agreement, AnyConnect Secure Mobility Client, Release 4.x.

For our open source licensing acknowledgments, see Open Source Software Used In Cisco AnyConnect Secure Mobility Client Release 4.x for Mobile.

Universal Windows Platform Supported Devices

Windows Support

AnyConnect for Universal Windows Platform is supported on devices that run Microsoft Windows 10 RS4 (1803) or higher.

Universal Windows Platform AnyConnect Feature Matrix

The following remote access features are supported by Cisco AnyConnect on Universal Windows Platform:

Deployment and Configuration:

| Feature | Windows Phone |
| --- | --- |
| Install or upgrade from Application Store | Yes |
| Cisco VPN Profile support (manual import) | No |
| Cisco VPN Profile support (import on connect) | No |
| MDM configured connection entries | Yes |
| User-configured connection entries | Yes |

Tunneling:

| Feature | Windows Phone |
| --- | --- |
| TLS | Yes |
| Datagram TLS (DTLS) | No |
| IPsec IKEv2 NAT-T | No |
| IKEv2 - raw ESP | No |
| Suite B (IPsec only) | No |
| TLS compression | No |
| Dead peer detection | No |
| Tunnel keepalive | No |
| Multiple active network interfaces | No |
| Per App Tunneling (requires Plus or Apex license and ASA 9.4.2 or later) | No |
| Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store) | Yes |
| Split tunnel (split include) | Yes |
| Local LAN (split exclude) | No |
| Split-DNS | Yes |
| Auto Reconnect / Network Roaming | Yes, if user remains on the same network and the network connection has not terminated. |
| VPN on-demand (triggered by destination) | Yes |
| VPN on-demand (triggered by application) | No |
| Rekey | Yes, initiated by gateway only. |
| IPv4 public transport | Yes |
| IPv6 public transport | Yes |
| IPv4 over IPv4 tunnel | Yes |
| IPv6 over IPv4 tunnel | Yes |
| Default domain | Yes |
| DNS server configuration | Yes |
| Private-side proxy support | Yes |
| Proxy Exceptions | No |
| Public-side proxy support | No |
| Pre-login banner | Yes |
| Post-login banner | Yes |
| DSCP Preservation | No |

Connecting and Disconnecting:

| Feature | Windows Phone |
| --- | --- |
| VPN load balancing | Yes |
| Backup server list | No |
| Optimal Gateway Selection | No |

Authentication:

| Feature | Windows Phone |
| --- | --- |
| SAML 2.0 | No |
| Client Certificate Authentication | Yes |
| Online Certificate Status Protocol (OCSP) | No |
| Manual user certificate management | Yes |
| Manual server certificate management | Yes |
| SCEP legacy enrollment (please confirm for your platform) | No |
| SCEP proxy enrollment (please confirm for your platform) | No |
| Automatic certificate selection | Yes |
| Manual certificate selection | No |
| Smart card support | Yes |
| Username and password | Yes |
| Tokens/challenge | Yes |
| Double authentication | Yes |
| Group URL (specified in server address) | Yes |
| Group selection (drop-down selection) | Yes |
| Credential prefill from user certificate | Yes |
| Save password | No |

User interface:

| Feature | Windows Phone |
| --- | --- |
| Standalone GUI | Yes, limited functions. |
| Native OS GUI | Yes |
| API / URI Handler (see below) | No |
| UI customization | No |
| UI localization | No |
| User preferences | Partial |
| Home screen widgets for one-click VPN access | No |
| AnyConnect specific status icon | No |

Mobile Posture (AnyConnect Identity Extensions, ACIDex):

| Feature | Windows Phone |
| --- | --- |
| Serial number or unique ID check | No |
| OS and AnyConnect version shared with headend | Yes |

URI Handling:

| Feature | Windows Phone |
| --- | --- |
| Add connection entry | No |
| Connect to a VPN | No |
| Credential pre-fill on connect | No |
| Disconnect VPN | No |
| Import certificate | No |
| Import localization data | No |
| Import XML client profile | No |
| External (user) control of URI commands | No |

Reporting and Troubleshooting:

| Feature | Windows Phone |
| --- | --- |
| Statistics | No |
| Logging / Diagnostic Information (DART) | Yes, obtain the logs via the Windows 10 directory 'C:\Users\[username]\AppData\Local\Packages\CiscoSystems.AnyConnect_edjcgkw48dhxt\LocalState\Logs' |

Certifications:

| Feature | Windows Phone |
| --- | --- |
| FIPS 140-2 Level 1 | No |

Adaptive Security Appliance Requirements

A minimum release of the ASA is required for the following features:

Note: Refer to the feature matrix for your platform to verify the availability of these features in the current AnyConnect mobile release.

  • You must upgrade to ASA 9.7.1.24, 9.8.2.28, 9.9.2.1 or later to use the SAML authentication feature. Make sure that both the client and server versions are up to date.

  • You must upgrade to ASA 9.3.2 or later to use TLS 1.2.

  • You must upgrade to ASA 9.0 to use the following mobile features:

    • IPsec IKEv2 VPN

    • Suite B cryptography

    • SCEP Proxy

    • Mobile Posture

  • ASA Release 8.0(3) and Adaptive Security Device Manager (ASDM) 6.1(3) are the minimum releases that support AnyConnect for mobile devices.

Open and Resolved AnyConnect Issues

The Cisco Bug Search Tool, https://tools.cisco.com/bugsearch/, has detailed information about the following open and resolved issues in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://tools.cisco.com/RPF/register/register.do.

Open Issues in AnyConnect 4.7.20030 for Universal Windows Platform

| Identifier | Headline |
| --- | --- |
| CSCuv32132 | [Windows Phone] Client needs to handle DPD settings from asa properly |
| CSCuv46369 | [Windows Phone Doc] Unable to connect to IPv6-only network |
| CSCuv68051 | [Windows Phone] Reconnect Issue |
| CSCuv74230 | [Windows Phone] Poor Performance while VPN Tunnel is up |
| CSCuv78523 | [Doc] List of Windows Apps not supported when VPN is on |
| CSCuv78795 | [MSFT 8.1 OS Bug] VPN shows connected cannot pass traffic - 602 Error |