Table Of Contents
Supported VPN Platforms, Cisco ASA 5500 Series, Version 8.2(1)
AnyConnect 2.4 Support for Computer Platforms
AnyConnect 2.3 Support for Computer Platforms
AnyConnect 2.3 and 2.4 Support for Touch-screens Running Windows Mobile
Browser-based SSL VPN Support for Computer Platforms
Browser-based SSL VPN Support for Mobile Devices
Cisco Secure Desktop Support for AnyConnect and Browser-based SSL
IPsec Support for Nonmobile Clients
IPsec Support for Apple iPhone 3G
IPsec Support for Windows Mobile
IPsec Support offered by Other Mobile Devices
L2TP/IPsec Client Support for Mobile Devices
ASA Support for Site to Site Connections
Supported VPN Platforms, Cisco ASA 5500 Series, Version 8.2(1)
Revised October 26, 2009. Part Number OL-19674-03
This document identifies the operating systems (OSs) and web browsers that a Cisco ASA 5500 series adaptive security appliance running Version 8.2(1) supports for the following VPN access options:
• Cisco AnyConnect 2.3 and 2.4
• Browser-based SSL VPN
• Cisco Secure Desktop 3.4.1 Host Scan, Secure Desktop (Vault), and Cache Cleaner.
The OSs and web browsers named in the following sections are the ones we have tested; however, others may work as well.
AnyConnect 2.4 Support for Computer Platforms
AnyConnect VPN Client 2.4 supports the following computer OSs.
OSs | Notes
Microsoft Windows
AnyConnect 2.4 supports the following Windows OSs:
• Windows 7 (32-bit and 64-bit)
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows 7.
  If you upgrade from Windows Vista to Windows 7, manually uninstall AnyConnect first, then after the upgrade, reinstall it manually or by establishing a web-based connection to a security appliance configured to install it. Uninstalling before the upgrade and reinstalling AnyConnect afterwards is necessary because the upgrade does not preserve the Cisco AnyConnect Virtual Adapter.
• Windows Vista (32-bit and 64-bit)—SP2 or Vista Service Pack 1 with KB952876.
  AnyConnect requires a clean install if you upgrade from Windows XP to Windows Vista.
• Windows XP SP2 and SP3.
Requirements
• Pentium class processor or greater.
• x64 or x86 processors.
• 5 MB hard disk space.
• RAM:
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
  – 512 MB for Windows 7.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, Service Pack 2 or later. For WebLaunch, use Internet Explorer 6.0+ or Firefox 2.0+, and enable ActiveX or enable Sun JRE 5, Update 1.5 or later (JRE 6 recommended).
Apple
AnyConnect 2.4 supports the following versions of Mac OS:
• Mac OS X 10.5
• Mac OS X 10.6 and 10.6.1 (both 32-bit and 64-bit).
50 MB hard disk space required
Linux
AnyConnect supports the following distributions:
• Red Hat Enterprise Linux 5 Desktop
• Ubuntu 9.x
We do not validate other Linux distributions. We will consider requests to validate other Linux distributions for which you experience issues, and provide fixes at our discretion.
AnyConnect supports only standalone installations on Linux.
See the AnyConnect Linux Requirements for AnyConnect 2.4.
AnyConnect 2.3 Support for Computer Platforms
AnyConnect VPN Client 2.3 supports the following computer OSs.
OSs | Notes
Microsoft Windows:
• 32- and 64-bit Microsoft Windows Vista SP2, or Vista SP1 with KB952876.
• Windows XP SP2 or later.
• Windows 2000 SP4.
Requirements
• Pentium class processor or greater.
• x64 or x86 processors on Windows XP and Windows Vista.
• 5 MB hard disk space.
• RAM:
  – 128 MB for Windows 2000.
  – 256 MB for Windows XP.
  – 512 MB for Windows Vista.
• Microsoft Installer, version 3.1.
If you are using Internet Explorer, use version 5.0, Service Pack 2 or later. For WebLaunch, use Internet Explorer 6.0+ or Firefox 2.0+, and enable ActiveX or install Sun JRE 5, Update 1.5 or later (JRE 6 recommended).
Apple: Mac OS X 10.4 and 10.5
50 MB hard disk space required
Linux
AnyConnect supports Linux Kernel releases 2.4 and 2.6 on 32-bit architectures, and 64-bit architectures that support biarch (that is, that run 32-bit code).
The following Linux distributions follow the AnyConnect Linux Requirements and work with the AnyConnect Client:
• Ubuntu 7 and 8 (32-bit only).
• Red Hat Enterprise Linux 3 or 4. (As of publication, we have not tested AnyConnect with Red Hat Linux 5.)
• Fedora Core 4 through 9. To use Fedora 9 with the AnyConnect client, you must first install Sun Microsystems JRE, preferably JRE 6, Update 5 or higher.
• Slackware 11 or 12.1.
• openSuSE 10 or SuSE 10.1.
Cisco AnyConnect Client, when launched as a standalone client, supports any browser; however, to install AnyConnect through a web browser (WebLaunch), the user platform must match one of those in the "Browser-based SSL VPN Support for Computer Platforms" section.
AnyConnect does not support virtualization software, such as VMware on any platform, or Parallels Desktop for Mac OS.
AnyConnect 2.3 and 2.4 Support for Touch-screens Running Windows Mobile
We designed AnyConnect 2.4 and 2.3 for compatibility with Windows Mobile 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test. The following table lists the supported devices with their corresponding service providers and supported operating system versions.
Browser-based SSL VPN Support for Computer Platforms
ASAs running Version 8.2(1) SSL VPN connections support connections from the following OSs and browsers.
OSs | Browser and Java Versions | Feature Notes (1)
Microsoft Windows:
• Windows Vista SP2, or Vista SP1 with KB952876 or later.
• Windows XP SP2 or later.
• Windows 2000 SP4.
Microsoft Internet Explorer 6 and 7, or Firefox 2.0 or later.
ActiveX or Sun JRE 5, Update 1.5 or later (JRE 6 recommended).
Windows Vista does not support Windows Shares (CIFS) Web Folders.
Windows XP SP2 or later and Windows 2000 SP4 require Microsoft hotfix to support Web Folders.
Specific requirements and limitations also apply to smart tunnel and port forwarding.
Apple: Mac OS X 10.4 and 10.5
Safari 2.0 or later, or Firefox 2.0 or later.
Sun JRE 1.5 or later.
Certificate authentication, including the DoD Common Access Card and SmartCard, works with the Safari keychain only.
Web folders do not support Mac OS.
Specific requirements and limitations also apply to smart tunnel and port forwarding.
Linux
Firefox 2.0 or later.
Java 1.6.0 or later.
Web folders and smart tunnel do not support Linux.
Specific requirements apply to port forwarding.
1 For Microsoft Outlook Exchange communication using the MAPI protocol, remote users must use AnyConnect.
Browser-based SSL VPN Support for Mobile Devices
You can access browser-based SSL VPN from your Pocket PC or other certified personal digital assistant (PDA). Neither the ASA administrator nor the user need do anything special to use browser-based SSL VPN with a certified mobile device. Cisco has certified the following mobile devices.
Note: Smart tunnels, plug-ins, and port forwarding do not support mobile access.
Cisco Secure Desktop Support for AnyConnect and Browser-based SSL
Cisco Secure Desktop supports only AnyConnect and browser-based SSL VPN connections. The following table shows the Cisco Secure Desktop 3.4.1 modules and the OSs they support.
Module | Supported OSs
Host Scan
• 32- and 64-bit Microsoft Windows Vista SP2, or Vista Service Pack 1 with KB952876
• 32-bit Windows XP SP2 or SP3
• 64-bit Windows XP SP2
• 32-bit Windows 2000 SP4
• 32- and 64-bit Mac OS X 10.4
• Mac OS X 10.5
• 32- and 64-bit biarch (that is, 64-bit that can run 32-bit code) Linux with the following requirements: libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz.
• Antivirus, antispyware, and personal firewall applications (PDF alternatives to these spreadsheets).
Secure Desktop (Vault), Keystroke Logger Detection, and Host Emulation Detection
32-bit Windows Vista with KB935855 or Windows Vista SP1 (or later) must be installed. The AnyConnect standalone client does not support the Vault on Windows Vista; however, you can use WebLaunch with Windows Vista. Also, Secure Desktop does not let Internet Explorer run outside the Vault on a host computer running Windows Vista.
32-bit Windows XP SP2 and SP3.
32-bit Windows 2000 SP4.
Note: AnyConnect does not support the Vault.
Cache Cleaner
32- and 64-bit Windows Vista and later.
32-bit Windows XP SP2 and SP3.
32- and 64-bit Windows XP SP2.
32-bit Windows 2000 SP4.
32- and 64-bit Mac OS X 10.4 - 10.5 with Safari 1.0 or later, or Firefox 2.0 or later.
32- or 64-bit biarch Linux with libxml2, libcurl (with openssl support), openssl, glibc 2.3.2 or later, and libz. WebLaunch requires Sun Java 1.5 or later and Firefox 2.0 or later.
IPsec Support for Nonmobile Clients
All releases of the ASA support the following IPsec clients:
• Cisco VPN Client
• Cisco ASA 5505
• Cisco PIX 501 Firewall
• Cisco VPN 3002 hardware client
• Cisco IOS 8xx Series
• Microsoft L2TP/IPsec client
• Mac OS L2TP/IPsec client
IPsec Support for Apple iPhone 3G
The Apple iPhone 3G ships with advanced VPN Client capabilities for Cisco IPsec connectivity already installed. Original iPhone users can upgrade to the iPhone 2.0 software to take advantage of this new capability. Features of the VPN Client include:
• The following authentication types:
  – Pre-shared keys
  – Certificates
  – Xauth
  – One-time passwords, including tokens such as RSA, Rainbow, Entrust, and SafeNet
  – RADIUS, including both one-time password tokens and other types of xauth
  – RADIUS Expiry
  – Kerberos
• VPN load balancing (clustering)
• Split tunneling control
The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone. We highly recommend the 8.0(x) software release or later, but you can also use the 7.2(x) software.
IPsec Support for Windows Mobile
For Windows Mobile, the following third-party vendors offer a VPN client that works with the ASA: Antha, Apani, Bluefire, Microsoft, and NCP.DE. Cisco supports the Microsoft client; the respective vendors support the other clients.
IPsec Support offered by Other Mobile Devices
Bluefire offers a version of the Palm Treo that has an IPsec client that works with the ASA.
Nokia provides support for Symbian on the Nokia 92xx Communicator series, Nokia 6600 and Nokia E61.
L2TP/IPsec Client Support for Mobile Devices
The following mobile OSs support a built-in L2TP/IPsec client that Cisco has tested successfully with the ASA:
• Microsoft Windows Mobile 2003 for Pocket PC PDA
• Microsoft Windows Mobile 5.0 PDA and PDA Phone
• Apple iPhone
The iPhone supports MS-CHAP v2 (preferred) for PPP. It has also been tested for MS-CHAP v1 and PAP support for PPP authentication. The VPN Client on the iPhone 3G supports pre-shared keys and certificates.
Windows Mobile-based handheld devices support MS-CHAP v1 and v2, and pre-shared keys.
Some Windows Mobile 2003 (HP iPAQ h4150) and 5.0 (HP iPAQ hx 2495b) PDAs support enrollment with an available certificate authority server and can use certificate-based authentication.
ASA Support for Site to Site Connections
The ASA supports site to site IPsec connections with Cisco peers, and with third-party peers that comply with all relevant standards.
© 2009 Cisco Systems, Inc. All rights reserved.


