Cisco is finally seeing the light when it comes to VPN support for Android devices. You may wonder why you would want VPN access from your Android device. Having VPN access from a mobile device means you can remotely access basically any company resource (like a privately hosted Citrix environment, Windows Active Directory resources, Remote Desktop, VNC, etc). This is very handy for the typical network/system administrator or road-warrior.

So how do you get started?

First, the bad news, then the not-as-bad-news. Unfortunately, there isn’t full support yet for all Android devices. This means that as of today, August 3rd 2011, you can run this VPN software only if you meet the requirements in each of the sections below:

    Section 1

– Your *Android device is rooted.

… or you have one of the following models

– Samsung Galaxy S model GT-I9000 (Gingerbread Maintenance Release)
– Samsung Galaxy S model SC-02B (Gingerbread Maintenance Release)
– Samsung Galaxy S II model GT-I9100
– Samsung Galaxy S II model SC-02C

AnyConnect is also supported on Samsung Galaxy Tab 7 running Android 2.3.3+ or Samsung Galaxy Tab 8.9 running Android 3.0+. Samsung Galaxy Tab 10.1 compatibility is expected once the Samsung TouchWiz MR is available for these devices.

* Cisco is unable to support Nexus-branded devices as these run stock Android, which does not support 3rd party VPN products.


    Section 2

Now that you’ve determined whether your device is supported, you have to verify that your Cisco ASA firewall is licensed for “AnyConnect Mobile”. Note that this requires an existing license for SSL connections:

The Mobile license is a fixed license on top of the existing number of licensed Secure Socket Layer (SSL) users. It can be used either with a Premium SSL VPN license or an AnyConnect Essentials license. To order the AnyConnect Mobile license for an existing unit with an SSL license, the part number is L-ASA-AC-M-55XX= (XX=05,10,20,40,50,80 depending on the model). This Mobile license can also be added as an option for new device purchases (ASA-AC-M-55XX).


    Section 3

If you have changed the kernel of your Android device, beware… you may be in for some trouble now! A kernel-specific file named “tun.ko” is required to make a VPN connection (among other things, I’m sure). I was running a non-stock kernel, and I was having trouble loading the tun.ko file for that specific kernel. I eventually changed back to the stock kernel, and that tun.ko file loaded with no problem. I may get into those details in “Part 1A” of this blog post.

    Initial review of the AnyConnect software

It runs flawlessly. It’s fast, easy to configure and use, and there have been no “Force Close” errors. However, the software insists on an icon sitting in the Notification bar! The only way to remove it is by rebooting the phone, but once you start the software again, the icon comes right back in place. I’m sure Cisco will get enough complaints from users about that and make the necessary updates. It is great though to see Cisco branching out beyond the Apple products for VPN support on mobile devices. By the way, the VPN client for Apple products is built into iOS (no additional software needed) and uses IPSec VPN technology (no additional SSL licensing needed).
