Guidelines and Limitations for Secure Client AnyConnect on Android
- The Secure Firewall ASA does not provide distributions and updates for AnyConnect for Android. They are available on Google Play. The APK (package) file for the latest version is also posted on Cisco.com.
- AnyConnect for Android supports only the Network Visibility Module and Umbrella; it does not support any other Secure Client modules.
- The Android device supports no more than one AnyConnect profile, which is the last one received from a headend. However, a profile can consist of multiple connection entries.
- If users attempt to install AnyConnect on devices that are not supported, they receive the pop-up message Installation Error: Unknown reason -8. This message is generated by the Android OS.
- With users who have AnyConnect in a widget on their home screen, the AnyConnect services are automatically started (but not connected) regardless of the "Launch at startup" preference.
- AnyConnect for Android requires UTF-8 character encoding for extended ASCII characters when using pre-fill from client certificates. The client certificate must be in UTF-8 if you want to use prefill, per the instructions in KB-890772 and KB-888180.
- AnyConnect blocks voice calls if it is sending or receiving VPN traffic over an EDGE connection per the inherent nature of EDGE and other early radio technology.
- Some known file compression utilities do not successfully decompress log bundles packaged with the use of the AnyConnect Send Log button. As a workaround, use the native utilities on Windows and macOS to decompress Secure Client log files.
- DHE Incompatibility—With the introduction of DHE cipher support in AnyConnect, incompatibility issues result in Cisco Secure Firewall ASA versions before ASA 9.2. If you are using DHE ciphers with Secure Firewall ASA releases earlier than 9.2, you must disable DHE ciphers on those Secure Firewall ASA versions.
- Because AnyConnect is a networking VPN application, it requires background operation to function; therefore, you should never add AnyConnect to the deep sleep list.