Last month Cisco announced the release of its AnyConnect SSLVPN client for Android devices. The Android AnyConnect client is available for download on the Android Market. This client is based on the 2.4 version of the AnyConnect PC agent. As such, it supports the following major features:
DTLS, certificate authentication and enrollment, two-factor authentication, widgets, GUI theming, auto-reconnect, seamless 3G-WiFi roaming, full tunneling, split tunneling, and full statistics and debug logs on the device. See a screenshot of the client below.
Here is a look at the widget for Anyconnect
Sample of the messages log
Supported Devices:
Galaxy S model GT-I9000
Galaxy S model SC-02B
Galaxy S II model GT-I9100
Galaxy S II model SC-02C
AnyConnect is also supported on Tab 7 running Android 2.3.3+ or Galaxy Tabs 8.9 and 10.1 running Android 3.0+.
On the Cisco ASA VPN headend device you will need code 8.0(4) or later (8.4.2 is recommended), a mobile devices license, and either an SSLVPN essentials or premium license.
From a configuration point of view on the ASA, nothing special needs to be done to allow the new Android devices to connect to it. You can of course set up a separate tunnel group if you want, but that is not required. You can also add a dynamic access policy (DAP) check that will match when an Android AnyConnect client connects. This is new in ASA 8.4.2 code. This DAP policy can then restrict and allow traffic into your network.
The AnyConnect client will also likely work on any rooted Android device. You should see a special Android rooted AnyConnect client on the app market. (I am not in any way advocating you root your Android device, however.)
You can download the client here. Currently the client is only available on the Android Market and not anywhere else.
https://market.android.com/details?id=com.cisco.anyconnect.vpn.android
AnyConnect Android User Guide
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/android-user/guide/android-acug.html
The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.