APPLICATION DESCRIPTION: AnyConnect for Kindle Fire HD provides reliable and easy-to-deploy encrypted network connectivity from Kindle Fire HDs and new (2012) Kindle Fires to Cisco VPN head-ends (including Cisco ASA 5500 Security Appliances)by delivering persistent corporate access for users on the go. Whether providing access to business email, a virtual desktop session, or most other Kindle. SuperVPN Free VPN Client 2.5.9. Simple VPN app to protect your privacy SuperVPN Free VPN Client is a 100% free VPN for Android phones and tablets. If you want to browse Vote: 3.9/5 (107 votes) Platform: Android.
APPLICATION DESCRIPTION: AnyConnect for Kindle Fire HD provides reliable and easy-to-deploy encrypted network connectivity from Kindle Fire HDs and new (2012) Kindle Fires to Cisco VPN head-ends (including Cisco ASA 5500 Security Appliances)by delivering persistent corporate access for users on the go. Whether providing access to business email. OS X (current client supports 10.13 and above) Android. Android and Kindle devices. List of supported Android devices (from CISCO's website) Linux/Unix. Red Hat Linux and Ubuntu. Other Operating Systems. Creating a custom VPN configuration. Mar 10, 2021 Whether providing access to business email, a virtual desktop session, or most other Android applications, AnyConnect enables business-critical application connectivity. The Cisco Umbrella module for AnyConnect on Android provides DNS-layer protection for Android v6.0.1 and later and can be enabled with or without an AnyConnect license.
The native Android IPsec VPN client supports connections to the Cisco ASA firewall. This even works without the “AnyConnect for Mobile” license on the ASA. If only a basic remote access VPN connection is needed, this fits perfectly. It uses the classical IPsec protocol instead of the newer SSL version. However, the VPN tunnel works anyway.
In this short post I am showing the configuration steps on the ASA and on the Android phone in order to establish a remote access VPN tunnel.
I am running a Cisco ASA 5505 with version 9.2(4). The Android smartphone is a Samsung Galaxy S4 Mini with Android 4.4.2.
Cisco ASA Config
The configuration steps on the ASA are mostly the same as for a classical VPN-Client connection profile:
Or the appropriate CLI commands:
2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 | ip local pool Pool_192.168.133.0192.168.133.10-192.168.133.99mask255.255.255.0 crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256esp-sha-hmac crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP65535set pfs group5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP65535set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-SHA crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP65535set ikev2 ipsec-proposal AES256 crypto map outside_map65535ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP ! crypto ikev1 policy10 encryption aes-256 group5 crypto ikev1 policy30 encryption aes-256 group2 crypto ikev1 policy90 encryption aes group2 ! group-policy MainVPN attributes vpn-tunnel-protocol ikev1 ssl-client ! tunnel-group MainVPN general-attributes default-group-policy MainVPN ikev1 pre-shared-key***** |
Android IPsec PSK
This is how the VPN connection must be configured:
ASA Logs
Cisco Anyconnect Download Android
After a connection establishment, the VPN session details on the ASA show details:
And, of course, via the CLI:
2 4 6 8 10 12 14 16 18 | Assigned IP:192.168.133.10Public IP:194.29.191.227 License:Other VPN Encryption:IKEv1:(1)AES256 IPsecOverNatT:(1)AES256 Bytes Tx:138957Bytes Rx:483030 Login Time:15:46:24CEST Mon Oct262015 Inactivity:0h:00m:00s Audt Sess ID:c0a88201000e9000562e3cc0 |
Featured image “Androids” by etnyk is licensed under CC BY-NC-ND 2.0.
The Cisco AnyConnect® Secure Mobility Client for Mobile Platforms provides reliable and easy-to-deploy encrypted network connectivity from smartphones and tablets along with persistent corporate access for employees on the go.
Product Overview
You can now safeguard employee smartphones and tablets with the Cisco AnyConnect Secure Mobility Client for Mobile Platforms, available for Apple iOS, Android, Windows Phone 8.1 and later, BlackBerry 10.3.2 and later, select Amazon Kindle and Fire Phone devices, and Google Chrome OS (early preview version).
Whether an employee is accessing business email, a virtual desktop session, or other enterprise applications, the AnyConnect client is an easy-to-use interface for business-critical information. The client uses Datagram Transport Layer Security (DTLS), IP Security Internet Key Exchange version 2 (IPsec IKEv2), and TLS (HTTP over TLS/SSL) to provide business-critical applications, including latency-sensitive applications such as voice over IP (VoIP), with encrypted access to corporate resources. AnyConnect 4.x supports per-app VPN functions for iOS 8.3 and later.
Figure 1 shows a sample AnyConnect user interface on Apple iOS and Android devices.
Features and Benefits
Table 1 lists the features and benefits of the AnyConnect Secure Mobility Client for Mobile Platforms. Feature availability varies by platform. Please see the platform release notes and documentation for specific supported feature details for a particular operating system.
Table 1.Features and Benefits
Feature | Benefit |
Software access and compatibility | Available on application marketplaces: ●Google Play: for Android 4.0 and later Note that there are multiple AnyConnect images available, so it is important that you select the correct image for your device. See the Android release notes for specific requirements. ●Windows Store: for Windows Phone 8.1 Update 1 and later ●BlackBerry App World: for BlackBerry 10.3.2 and later ●Google Chrome OS: for Chrome OS 43 and later (early preview) ●Amazon Appstore: for select Kindle and Fire Phone devices |
Optimized network access | ●Automatically adapts its tunneling to the most efficient method possible based on network constraints ●Uses DTLS to provide an optimized connection for TCP-based application access and latency-sensitive traffic, such as VoIP traffic ●Uses TLS (HTTP over TLS/SSL) to help ensure availability of network connectivity through locked-down environments ●IPsec IKEv2 provides an optimized connection for latency-sensitive traffic when security policies require the use of IPsec (requires Cisco Adaptive Security Appliance 8.4 or later) |
Network Visibility | ●Mobile visibility from the Network Visibility module ●Capture endpoint flows with rich user, endpoint, application, location and destination context |
Mobility friendly | ●Resumes transparently after IP address change, loss of connectivity, or device standby |
Battery friendly | |
Encryption | ●Supports strong encryption, including AES-256 and 3DES-168. (The security gateway device must have a strong-crypto license enabled.) ●Next-generation encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (SHA-256 and SHA-384). Available only for IPsec IKEv2 connections. An AnyConnect Apex license is required. |
Authentication options | ●RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM) ●RADIUS onetime password (OTP) support (state and reply message attributes) ●Active Directory or Kerberos ●Digital certificate (compatible with AnyConnect integrated Simple Certificate Enrollment Protocol, or SCEP, for credential deployment) ●Generic Lightweight Directory Access Protocol (LDAP) support ●Combined certificate and username-password multifactor authentication (double authentication) |
Consistent user experience | ●Full-tunnel client mode supports remote-access users requiring a consistent LAN-like user experience |
Centralized policy control and management | ●Policies can be preconfigured or configured locally and can be automatically updated from the VPN security gateway ●Universal Resource Indicator (URI) handler for AnyConnect eases deployments through URLs embedded in webpages or applications |
Advanced IP network connectivity | ●Administrator-controlled split- or all-tunneling network access policy ●Per-app VPN policy for iOS 8.3 and later (requires Cisco ASA 5500-X with OS 9.3.2 or later and AnyConnect Plus or Apex license) IP address assignment mechanisms: ●Static ●Dynamic Host Configuration Protocol (DHCP) |
Localization | In addition to English, the following language translations are included: ●Canadian French (fr-ca) ●German (de-de) ●Korean (ko-kr) ●Polish (pl-pl) |
Diagnostics | ●On-device statistics and logging information are available. ●Logs can be easily emailed to Cisco or an administrator for analysis. |
Platform Compatibility
The AnyConnect Secure Mobility Client is compatible with all Cisco ASA 5500-X Series Next-Generation Firewalls and Cisco 5500 Series Enterprise Firewall Edition models running ASA Software Release 8.0(4) or later. Use of current ASA software releases is advised.
Cisco Anyconnect Vpn Client Android
Certain features require later ASA Software releases or ASA 5500-X models.
Cisco supports AnyConnect VPN access to Cisco IOS® Release 15.1(2)T or later functioning as the highly secure gateway with certain feature limitations. Refer to http://www.cisco.com/go/fn for additional Cisco IOS Software feature support information.
Cisco Anyconnect Vpn Client Download
Additional compatibility information may be found at
http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html.
Licensing Options and Ordering Information
Cisco Vpn Client Android Setup Free
The AnyConnect Ordering Guide covers licensing and ordering information for AnyConnect, clientless SSL VPN, and third-party IKEv2 remote-access VPN usage. AnyConnect Plus or Apex licenses are required for full platform and feature support. Customers with existing Essentials or Premium and Mobile licenses are permitted to use the iOS and Android versions (excluding per-app VPN functions) until April 30, 2016. All other mobile platforms require Plus or Apex licenses. AnyConnect VPN connectivity to non-Cisco headend equipment is never permitted. For more information, see the ordering guide at
http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf.
Cisco Capital
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.
For More Information
●Cisco AnyConnect Secure Mobility Client homepage:
http://www.cisco.com/go/anyconnect.
●Cisco AnyConnect documentation:
http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/tsd-products-support-series-home.html.
●Cisco ASA 5500-X Series Next-Generation Firewalls: http://www.cisco.com/go/asa.
●Cisco AnyConnect License Agreement and Privacy Policy: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/license/end_user/AnyConnect-SEULA-v4-x.html.
Acknowledgments
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
Cisco Vpn Client Android App
This product includes cryptographic software written by Eric Young.
Cisco Vpn Client Android Apk
This product includes software written by Tim Hudson.
This product incorporates the libcurl HTTP library: Copyright 1996-2006, Daniel Stenberg.