This article contains the frequently asked questions in setting up, configuring, and troubleshooting the Cisco AnyConnect Secure Mobility Client and their answers.
1. What is the Cisco AnyConnect Secure Mobility Client?
2. What are the advantages of using the Cisco AnyConnect Secure Mobility Client?
3. What are the main features of the Cisco AnyConnect Secure Mobility Client?
4. What are the licenses that may be required for the deployment of AnyConnect Secure Mobility Client?
5. What are the modules does the Cisco AnyConnect Secure Mobility Client support?
6. What operating systems are supported by the Cisco AnyConnect Secure Mobility Client?
7. Does Cisco AnyConnect Secure Mobility Client support Apple iOS devices?
8. What Apple iOS devices are supported by Cisco AnyConnect Secure Mobility Client?
9. Does Cisco support AnyConnect VPN access to Cisco IOS?
10. Does Cisco AnyConnect Secure Mobility Client support Android devices?
11. What Android devices are supported by the Cisco AnyConnect Secure Mobility Client?
12. Is AnyConnect weblaunch installation supported on 64-bit browsers (IE - Internet Explorer)?
13. What level of rights is required to install the Cisco AnyConnect Secure Mobility Client?
17. What are the known third party applications that conflict with the Cisco AnyConnect Secure Mobility?
18. Can AnyConnect co-exist with IPSec and/ or SSL VPN clients from other vendors on the same PC?
22. When using McAfee Firewall 5, a UDP DTLS connection cannot be established.
24. What should I do if the connection fails due to lack of credentials?
28. What should I do if an LSP module is present on the client and a Winsock catalog conflict occurs?
1. What is the Cisco AnyConnect Secure Mobility Client?
The Cisco AnyConnect Secure Mobility Client, also known as the Cisco AnyConnect VPN Client, is a software application for connecting to a Virtual Private Network (VPN) that works on various operating systems and hardware configurations. This software application makes it possible for remote resources of another network become accessible as if the user is directly connected to his network, but in a secure way. Cisco AnyConnect Secure Mobility Client provides an innovative new way to protect mobile users on computer-based or smart-phone platforms, providing a more seamless, always-protected experience for end users and comprehensive policy enforcement for IT administrator.
2. What are the advantages of using the Cisco AnyConnect Secure Mobility Client?
The Cisco AnyConnect Secure Mobility Client has the following advantages:
3. What are the main features of the Cisco AnyConnect Secure Mobility Client?
The Cisco AnyConnect Secure Mobility Client has the following main features:
To know more about the details of minimum release requirements, license requirements, and supported operating systems of each of this features, click here.
License Options
For the most updated information on AnyConnect licensing on the RV340 series routers, check out the article AnyConnect Licensing for the RV340 Series Routers.
4. What are the licenses that may be required for the deployment of AnyConnect Secure Mobility Client?
One or more of the following AnyConnect licenses may be required for your deployment:
Support
5. What are the modules that the Cisco AnyConnect Secure Mobility Client support?
The Cisco AnyConnect Secure Mobility Client supports the following modules:
To know more about the details of minimum release requirements, license requirements, and supported operating systems of these modules, click here.
6. What operating systems are supported by the Cisco AnyConnect Secure Mobility Client?
The Cisco AnyConnect Secure Mobility Client supports the following Operating Systems:
To know more about the AnyConnect Support for each Operating System, click here.
7. Does Cisco AnyConnect Secure Mobility Client support Apple iOS devices?
Yes.
8. What Apple iOS devices are supported by Cisco AnyConnect Secure Mobility Client?
The following Apple iOS devices are supported:
Device |
Apple iOS Release Required |
---|---|
iPad Air |
7.0 or later |
iPad 2 |
6.0 or later |
iPad (3rd generation) |
6.0 or later |
iPad (4th generation) |
6.0 or later |
iPad mini |
6.0 or later |
iPad mini (with Retina display) |
7.0 or later |
iPad-Pro |
9.0 or later |
iPhone 3GS |
6.0 - 6.1.6 |
iPhone 4 |
6.0 - 7.1.2 |
iPhone 4S |
6.0 or later |
iPhone 5 |
6.0 or later |
iPhone 5C |
7.0 or later |
iPhone 5S |
7.0 or later |
iPhone 6 |
8.0 or later |
iPhone 6 Plus |
8.0 or later |
iPhone 6s |
9.0 or later |
iPhone 6s Plus |
9.0 or later |
iPod Touch (4th generation) |
6.0 - 6.1.6 |
iPod Touch (5th generation) |
6.0 or later |
To know about the features supported in AnyConnect for Apple iOS devices, click here.
9. Does Cisco support AnyConnect VPN access to Cisco IOS?
Cisco supports AnyConnect VPN access to IOS Release 15.1(2)T functioning as the secure gateway; however, IOS Release 15.1(2)T does not currently support the following AnyConnect features:
10. Does Cisco AnyConnect Secure Mobility Client support Android devices?
Yes.
11. What Android devices are supported by the Cisco AnyConnect Secure Mobility Client?
All Android devices that have Android 4.0 (Ice Cream Sandwich) and later.
Installation
12. Is AnyConnect weblaunch installation supported on 64-bit browsers (IE - Internet Explorer)?
AnyConnect installation via weblaunch is not supported on 64-bit IE browsers.
13. What level of rights is required to install the Cisco AnyConnect Secure Mobility Client?
Administrative level privilege is required to install the Cisco AnyConnect Secure Mobility Client but only for initial installation.
14. Do I need to reboot my system after installing or upgrading the Cisco AnyConnect Secure Mobility Client?
No. Unlike the IPSec VPN Client, a reboot is not necessary after the installation or an upgrade.
15. Is it possible to save the password credentials on AnyConnect so that it will not request authentication again the next time?
No, it is not possible to save the password credentials on AnyConnect.
Compatibility
16. What Interoperability Considerations should I keep in mind before installing the Cisco AnyConnect Secure Mobility?
17. What are the known third party applications that conflict with the Cisco AnyConnect Secure Mobility?
The following third-party applications have known complications with Cisco AnyConnect Secure Mobility Client:
18. Can AnyConnect co-exist with IPSec and/ or SSL VPN clients from other vendors on the same PC?
Yes. But the following general rules apply to all AnyConnect versions:
The AnyConnect client should work fine if the other vendor products are disabled and the following should NOT be done:
Basic Troubleshooting
19. When AnyConnect attempts to establish a connection, it authenticates successfully and builds the SSL session, but then the AnyConnect client crashes in the vpndownloader if using LSP or NOD32 AV. What should I do?
Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.
20. I am using an AT&T Dialer and the client operating system sometimes experiences a blue screen that causes the creation of a mini dump file. What should I do?
Upgrade to the latest 7.6.2 AT&T Global Network Client.
21. When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED and the following message appears: “SVC message: t/s=3/16: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.).”
Uninstall Kaspersky and refer to their forums for additional updates.
22. When using McAfee Firewall 5, a UDP DTLS connection cannot be established.
In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.
23. I am using RRAS, the following termination error is returned to the event log when AnyConnect attempts to establish a connection to the host device: “Termination reason code 29 [Routing and Remote Access service is running] The Windows service “Routing and Remote Access” is incompatible with the Cisco AnyConnect VPN Client. “
Disable the RRAS service.
24. What should I do if the connection fails due to lack of credentials?
The third-party load balancer has no insight into the load on the ASA devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, we recommend using the internal ASA load balancing instead.
25. The AnyConnect client fails to download and produces the following error message: “Cisco AnyConnect VPN Client Downloader has encountered a problem and needs to close.”
Upload the patch update to version 1.2.1.38 to resolve all dll issues.
26. I am using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.
Disable the Bonjour Printing Service by entering net stop “bonjour service” at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.
To know more about the Apple iOS known issues and limitations with Cisco AnyConnect Secure Mobility Client, click here.
27. An error indicates that the version of TUN is already installed on this system and is incompatible with the AnyConnect client.
Uninstall the Viscosity OpenVPN Client.
28. What should I do if an LSP module is present on the client and a Winsock catalog conflict occurs?
Uninstall the LSP module.
29. I am connecting with a DSL router, and DTLS traffic fails even if it has successfully negotiated. What should I do?
Connect to a Linksys router with factory settings. This setting allows a stable DTLS session and no interruption in pings. Add a rule to allow DTLS return traffic.
30. When using AnyConnect on some Virtual Machine Network Service devices, performance issues have resulted. What should I do?
Uncheck the binding for all IM devices within the AnyConnect virtual adapter. The application dsagent.exe resides in C:\Windows\System\dgagent. Although it does not appear in the process list, you can see it by opening sockets with TCPview (sysinternals). When you terminate this process, normal operation of AnyConnect returns.
To know more about other issues and troubleshooting tips to resolve them, click here.