04-09-2010 12:57 AM
Hi!
We have got a couple of mobile phones with Android OS to our company.
We need a proper IPSEC VPN client to these Android phones, but cannot find any.
There are some IPSEC VPN clients on the market, but to use these you have to root the phone.
We have a ASA 5520 that works great with the Cisco AnyConnect client on Windows PC:s.
Will Cisco release a VPN client, like AnyConnect, that is compatible with Android?
Best Regards
Stefan
05-26-2011 01:48 AM
Nice to see it is working for more people.
I forgot to comment that the same config also works with HTC Desire HD.
06-29-2011 06:45 AM
I guess this is OK news, but what about all the other non-Sansung android devices? Still seems like a half-baked solution. I don't mean to be rude, but Cisco has been dragging their feet on this for over a year. Regardless of wether the problem lies with Cisco or with Android-splintering, as some would suggest, the fact remains that this is a key piece of missing software on the Android platform.
It makes Cisco look bad because end-users say "Well, Apple can do it." CEO/CIOs don't really care about the details when you tell them their device doesn't work.
just a comment.
dannon
06-30-2011 12:59 AM
Google knows that Android is not mature enough for corporate market, so the latest releases of Android are putting a bit more focus on that -as far as I know-, one of the consequences of that would be the release from Cisco including support for Gingerbread.
In the other hand, push a company, Juniper, Nortel, Cisco.... to develop a vpn client -which requites low-level changes and for sure administrative/root permissions- is not something easy without compromise the whole android firmware-image.
Not the latest update but... look:
http://static.intomobile.com/wp-content/uploads/2010/09/android-gains-corporate-market1.jpg
I dont know with all the details how are working the privileges under android but so far, in the htc desire Z, 'su' not working, 'sudo' not working... pam? I didn't research about it.
Nowdays the only solution you could have for previous releases is to root the device, and after that, install a software or a new image with maybe other features.
Anyway, the situation looks better, the step from Cisco is postive.
L2TP configuration should be fine if you can deploy it, I have the L2TP config here deployed in all HTCs with Android and the IP address plan as well the user profiles is fully transparent to the user, I mean, quite smooth, same usernames, for the ipsec vpns aswell the l2tp, same ips -means no changes per ip/user un the firewall-, automatic next-hop routing with RIP... pretty pretty smooth.
Maybe a commercial idea would be to do VPN gateways for this issue and sell services but I think I was checking that and it is being sold right now over the net, and also, who would like to finish the VPN in a third party box? not me.
PD: I would like a pure VPN Cisco VPN client and support for Novell GroupWise but... c'est la vie.
06-30-2011 05:31 AM
Cisco would like to be able to offer AnyConnect for ALL Android platforms as it would have been roughly the same amount of engineering work for us as supporting our first partner. Unfortunately this is not possible as stock Android (both Gingerbread and Honeycomb) do not allow for 3rd party VPN clients.
If you would like to put in a kind word for this request, you may do so at:
06-29-2011 07:14 AM
Here are extracts from ASA 8.4(2) release notes that mention Androids if it helps, see: http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html:
New features in 8.4(2)
New features in 8.4(1)
06-29-2011 01:46 PM
Cisco has released AnyConnect for Samsung Android. It is supported on various Samsung platforms (described in the Application Description) and can be obtained from the Android Market at:
https://market.android.com/details?id=com.cisco.anyconnect.vpn.android
07-11-2011 06:17 AM
I tried the AnyConnect app on a Samsung Galaxy Tab 7. Prior to this weekend the tab was running the older version of Android (2.2) and wouldn't run it. They released 2.4 over the weekend (at least that when my tablet got it) and I installed it. The app runs now, attempts to login, but gives an error that it's missing the "TunTap driver."
Is this something Cisco will correct, or does something else need to be installed? According to the application description AnyConnect will work this device with Android 2.3 or later.
07-11-2011 07:58 AM
Hi Andrew,
We have raised this to the attention of Samsung. Unfortunately Cisco does not have permissions on the system to run tuntap (tun.ko) as it must be launched with special permissions by the OS itself. Once we hear back from them to determine if this will get corrected and if so when, we will let you know. (I assume this is the Tab 7 on Sprint you experiencing this on)
Best Regards,
Pete Davis
07-13-2011 05:45 AM
Hi,
I have downloaded from the market any connect for rooted devices. I have tried to use it but got some issues. If I try to connect it comes up with the following message: ‘Please verify server certificate’. If I touch details button, then I see all the details about the VPN I try to connect to (VPN 3000 Concentrator). If I touch the accept button then I gets the following error message: error processing data received from secure getway.
I am sure the issue is with me as I do not know where to I need to load the profiles *.pcf files what we use on laptops.
Can anyone help what would I need to do to be able to get this work?
Thanks
Balázs Banics
07-13-2011 05:56 AM
Hi Balazs,
the VPN3000 concentrator certificate ( that it presents to the client ) is not trusted, so you probably need to add it to the trusted certificate store on the Android. The second issue is that, although VPN3000 supports SSL VPN, it does not support the AnyConnect for Android. Checck out the AnyConnect for Android Release notes for the details on the supported Platforms on this link :
Regards, Marko
07-13-2011 06:25 AM
Dear Marko,
many thanks for your prompt reply, but how can I transfer / add the pcf file to Android trusted certificate store?
Best regards,
Balázs
07-13-2011 09:31 AM
The VPN 3000 is an EoL'ed product family. It does not support AnyConnect on any operating system. You would want to upgrade to the ASA to leverage AnyConnect.
07-27-2011 12:08 PM
If you would like to put in a good word for Google providing the necessary hooks for Cisco AnyConnect support, please feel free to direct your comments to:
http://code.google.com/p/android/issues/detail?id=9160
http://code.google.com/p/android/issues/detail?id=3902
Ensure that you 'star' (or 'up-votes') the topic so that the issues are more prominent on the bug rankings. Only adding comments will not increase the visibility of the issue.
08-17-2011 09:37 AM
Apple's client is designed to be compatible with the Cisco Easy VPN (like the Cisco VPN Client), while Android provides a generic L2TP/IPsec client only.
08-18-2011 06:59 AM
Is Cisco AnyConnect considered as an L2TP/IPSec VPN client?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide