AnyConnect for Universal Windows Platform Release Notes
AnyConnect for Universal Windows Platform
The AnyConnect Secure Mobility Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series. It provides seamless and secure remote access to enterprise networks allowing installed applications to communicate as though connected directly to the enterprise network. AnyConnect supports connections to IPv4 and IPv6 resources over an IPv4 or IPv6 tunnel.
This document, written for system administrators of the AnyConnect Secure Mobility Client and the Adaptive Security Appliance (ASA) 5500, provides release specific information for AnyConnect running on Universal Windows Platform.
The AnyConnect app is available on the Windows Store only. Cisco does not distribute AnyConnect mobile apps. Nor can you deploy the mobile app from the ASA. You can deploy other releases of AnyConnect for desktop devices from the ASA while supporting this mobile release.
AnyConnect Mobile Support Policy
Cisco supports the AnyConnect version that is currently available in the app store; however, fixes and enhancements are provided only in the most recently released version.
To connect to the ASA headend, an AnyConnect 4.x Plus or Apex license is required. Trial licenses are available: Cisco AnyConnect Ordering Guide.
For the latest end-user license agreement, see Cisco End User License Agreement, AnyConnect Secure Mobility Client, Release 4.x.
For our open source licensing acknowledgments, see Open Source Software Used In Cisco AnyConnect Secure Mobility Client Release 4.x for Mobile
AnyConnect Mobile Related Documentation
Universal Windows Platform Supported Devices
AnyConnect for Universal Windows Platform is supported on devices that run Microsoft Windows 10 RS4 (1803) or higher.
Universal Windows Platform AnyConnect Feature Matrix
The following remote access features are supported by Cisco AnyConnect on Universal Windows Platform:
|Category: Feature||Universal Windows Platform|
Deployment and Configuration:
|Install or upgrade from Application Store||Yes|
|Cisco VPN Profile support (manual import)||No|
|Cisco VPN Profile support (import on connect)||No|
|MDM configured connection entries||Yes|
|User-configured connection entries||Yes|
|Datagram TLS (DTLS)||No|
|IPsec IKEv2 NAT-T||No|
|IKEv2 - raw ESP||No|
|Suite B (IPsec only)||No|
|Dead peer detection||No|
|Multiple active network interfaces||No|
|Per App Tunneling (requires Plus or Apex license and ASA 9.4.2 or later)||No|
|Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store)||Yes|
|Split tunnel (split include)||Yes|
|Local LAN (split exclude)||No|
|Auto Reconnect / Network Roaming||Yes, if user remains on the same network and the network connection has not terminated.|
|VPN on-demand (triggered by destination)||Yes|
|VPN on-demand (triggered by application)||No|
|IPv4 public transport||Yes|
|IPv6 public transport||Yes|
|IPv4 over IPv4 tunnel||Yes|
|IPv6 over IPv4 tunnel||Yes|
|DNS server configuration||Yes|
|Private-side proxy support||Yes|
|Public-side proxy support||No|
Connecting and Disconnecting:
|VPN load balancing||Yes|
|Backup server list||No|
|Optimal Gateway Selection||No|
|Client Certificate Authentication||Yes|
|Online Certificate Status Protocol (OCSP)||No|
|Manual user certificate management||Yes|
|Manual server certificate management||Yes|
|SCEP legacy enrollment Please confirm for your platform.||No|
|SCEP proxy enrollment Please confirm for your platform.||No|
|Automatic certificate selection||Yes|
|Manual certificate selection||No|
|Smart card support||Yes|
|Username and password||Yes|
|Group URL (specified in server address)||Yes|
|Group selection (drop-down selection)||Yes|
|Credential prefill from user certificate||Yes|
|Standalone GUI||Yes, limited functions.|
|Native OS GUI||Yes|
|API / URI Handler (see below)||No|
|Home screen widgets for one-click VPN access||No|
|AnyConnect specific status icon||No|
Mobile Posture: (AnyConnect Identity Extensions, ACIDex)
|Serial number or unique ID check||No|
|OS and AnyConnect version shared with headend||Yes|
|Add connection entry||No|
|Connect to a VPN||No|
|Credential pre-fill on connect||No|
|Import localization data||No|
|Import XML client profile||No|
|External (user) control of URI commands||No|
Reporting and Troubleshooting:
|Logging / Diagnostic Information (DART)||Yes, obtain the logs via the Windows 10 directory ' C:\Users\[username]\AppData\Local\Packages\CiscoSystems.AnyConnect_edjcgkw48dhxt\LocalState\Logs'|
|FIPS 140-2 Level 1||No|
Adaptive Security Appliance Requirements
A minimum release of the ASA is required for the following features:
Refer to the feature matrix for your platform to verify the availability of these features in the current AnyConnect mobile release.
You must upgrade to ASA 126.96.36.199, 188.8.131.52, 184.108.40.206 or later to use the SAML authentication feature. Make sure that both the client and server versions are up-to-date.
You must upgrade to ASA 9.3.2 or later to use TLS 1.2.
You must upgrade to ASA 9.0 to use the following mobile features:
IPsec IKEv2 VPN
Suite B cryptography
ASA Release 8.0(3) and Adaptive Security Device Manager (ASDM) 6.1(3) are the minimum releases that support AnyConnect for mobile devices.
Open and Resolved AnyConnect Issues
The Cisco Bug Search Tool https://tools.cisco.com/bugsearch/ has detailed information about the following open and resolved issues in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://tools.cisco.com/RPF/register/register.do.
Open Issues in AnyConnect 4.7.20030 for Universal Windows Platform
|CSCuv32132||[Windows Phone] Client needs to handle DPD settings from asa properly|
|CSCuv46369||[Windows Phone Doc] Unable to connect to IPv6-only network|
|CSCuv68051||[Windows Phone] Reconnect Issue|
|CSCuv74230||[Windows Phone] Poor Performance while VPN Tunnel is up|
|CSCuv78523||[Doc] List of Windows Apps not supported when VPN is on|
|CSCuv78795||[MSFT 8.1 OS Bug] VPN shows connected cannot pass traffic - 602 Error|