Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Android Known Limitations, Common Problems, Answers, and Solutions with Cisco AnyConnect Secure Mobility Client


The Cisco AnyConnect Secure Mobility Client, also known as the Cisco AnyConnect VPN Client, is a software application for connecting to a Virtual Private Network (VPN) that works on various operating systems and hardware configurations. This software application makes it possible for remote resources of another network become accessible as if the user is directly connected to the network, but in a secure way. Cisco AnyConnect Secure Mobility Client provides an innovative way to protect mobile users on computer-based or smart-phone platforms, providing a more seamless, always-protected experience for end users, and comprehensive policy enforcement for an IT administrator.

When installing the Cisco AnyConnect Secure Mobility Client on Android devices, common errors may occur and basic troubleshooting may be needed for a successful setup. To know more about basic troubleshooting on common installation errors, click here.

The objective of this document is to show you the limitations, common problems, answers, and solutions on Android devices with Cisco AnyConnect Secure Mobility Client.

Software Version

  • 4.4

Android Limitations, Common Problems, Answers, and Solutions

Common Android Questions, Answers, Problems and Solutions

1. Why do I receive a tun.ko error message?

Answer: A tun.ko module is required if it is not already compiled into the kernel. If it is not included on the device or compiled with the kernel, obtain or build it for your corresponding device kernel and place it in the /data/local/kernel_modules/ directory.

2. I cannot edit or delete some connection entries. What should I do?

Answer: Your administrator defined these connection entries in the AnyConnect Profile. For instructions on how to delete these profiles, click here.

3. My device is working properly but I am getting an error when connecting. What should I do?

Answer: Ask your administrator if the VPN secure gateway is configured and licensed to permit mobile connections.

4. Why am I getting this AnyConnect error: “Could not obtain the necessary permissions to run this application. This device does not support AnyConnect.”?

Answer: AnyConnect does not work on this device. Review the list of supported Android devices and instructions for installing or upgrading AnyConnect to download the proper AnyConnect package for your device.

5. Why does authentication using a one-time password not working?

Answer: Due to an Android issue, when pasting text from the clipboard, a space is inserted in front of the text. In AnyConnect, when copying text such as a one-time password, the user has to delete this erroneous white space.

6. Certificate-based authentication does not work.

Solution: Check the validity and expiration of the certificate if you succeeded with it before. To do so, go to the AnyConnect home window, long-press the connection entry, and tap Certificate. The Certificates window lists all certificates. Long-press the certificate name and tap View Certificate Details. Check with your administrator to make sure that you are using the appropriate certificate for the connection.

7. I cannot connect to Adaptive Security Appliance (ASA) and I am getting unresolvable host error.

Solution: Use an Internet browser to check the network connection. To verify network connectivity, go to, where is the URL of the VPN secure gateway.

8. AnyConnect package fails to install from the Market.

Solution: Ensure that the device is listed as one of the Supported Android Devices.

9. I am getting an “Installation Error: Unknown reason -8”.

Solution: If you attempt to install a brand-specific AnyConnect package on devices that are not supported, you may receive this message. Review the list of supported Android devices and instructions for installing or upgrading AnyConnect to download the proper AnyConnect package for your device.

10. I cannot email logs because of a network connectivity issue.

Solution: Try another Internet-accessible network. Save the log messages in a draft email message if you do not have network connectivity or you need to reset the device.

11. AnyConnect frequently connects by itself.

Solution: This may be due to your Trusted Network Detection or Automatic VPN Policy. Disable the Trusted Network Detection (TND) application preference in the AnyConnect settings to turn this functionality off.

12. Connection timeouts and unresolved hosts.

Solution: Internet connectivity issues, a low-cell signal level, and a congested network resource are typical causes of timeouts and unresolved host errors. Try moving to an area with a stronger signal or use Wi-Fi. If a Wi-Fi network is within reach, try using your device Settings app to establish a connection to it first. Retrying multiple times in response to timeouts often results in success.

Guidelines and Limitations for AnyConnect on Android

  • AnyConnect for Android supports only the features that are strictly related to remote access.
  • The ASA does not provide distributions and updates for AnyConnect for Android. They are available only on the Google Play Store.
  • AnyConnect for Android supports connection entries that the user adds and connection entries populated by an AnyConnect profile pushed by an ASA. The Android device supports no more than one AnyConnect profile, which is the last one received from a headend. However, a profile can consist of multiple connection entries.
  • If users attempt to install AnyConnect on devices that are not supported, they receive the pop-up message Installation Error: Unknown reason -8. This message is generated by the Android operating system.
  • When users have an AnyConnect widget on their home screen, the AnyConnect services are automatically started (but not connected) regardless of the "Launch at startup" preference.
  • AnyConnect for Android requires UTF-8 character encoding for extended ASCII characters when using pre-fill from client certificates. The client certificate must be in UTF-8 if you want to use prefill.
  • AnyConnect blocks voice calls if it is sending or receiving VPN traffic over an EDGE connection per the inherent nature of EDGE and other early radio technology.
  • Some known file compression utilities do not successfully decompress log bundles packaged with the use of the AnyConnect Send Log button. As a workaround, use the native utilities on Windows and Mac OS X to decompress AnyConnect log files.