Microsoft released Windows Phone 8.1 on April and it supports VPN connections.
So I would like to ask:
Is Cisco going to release Anyconnect Secure Mobility Client for Windows Phone 8.1?
Maybe someone managed to make clientless connection with ASA 9.1( for example IKEv2 or SSL-VPN) ?
Or should I abandon idea of connecting WP 8.1 with ASA?
Hi aurimas88 ,
Looks like AnyConnect Secure Mobility Client 2.5 is supported for windows phone , however W 8.1 mobile has not been tested by Cisco , We cannot guarantee compatibility.
AnyConnect Secure Mobility Client 3.0 Windows Mobile Devices Not Supported
AnyConnect version 3.0 and later do not support Microsoft Windows Mobile or Windows Phone. However, you can continue to use the ASA to deploy the AnyConnect 2.5 or earlier client for Windows Mobile even after loading the AnyConnect 3.0 package files to the ASA for web deployment.
AnyConnect Secure Mobility Client 2.5 Windows Mobile Devices Supported
We designed AnyConnect 2.5 for compatibility with Windows Mobile 6.5, 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test, as follows:
HTC Imagio running Windows Mobile 6.5
HTC Tilt 2 running Windows Mobile 6.5
HTC Touch running Windows Mobile 6.0
HTC TyTN running Windows Mobile 5.0
Samsung Epix running Windows Mobile 6.1
Samsung Omnia Pro 4 running Windows Mobile 6.5
Samsung Omnia running Windows Mobile 6.1
Samsung Saga running Windows Mobile 6.1
Hope this helps
Thanks for reply rvarelac,
but Windows mobile 6.x in these times should be considered ancient and it is not supported on new NOKIA and HTC smartphones.
So I guess, no VPN for Windows Phone 8.1 from Cisco.
I just successfully setup VPN from window phone 8.1 using L2TP with IPsec (just appear in windows phone 8.1). I found out alot of Google but have no helpful material so it took me 4 day to configure and troublebleshoot. I'd like to share to everyone:
the userguide for setup L2TP/IPsec general here: http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/l2tp_ips.html
Just some most important notes you have done:
1. intercept DHCP Configuration message from Micrsoft client
2.create service policy rule with tcp-map have option not check: Drop packets that exceed maximum message size. Refer: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/65436-pix-asa-70-browse.html/.
3. edit mss-tcp to lower through command line. Refer: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82444-fragmentation.html#task2
I try to configure L2TP for WP 8.1 and get the error
Phase 1: failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 5
Can you give me a hint how to solve this?
Thank you very much!
I just went through figuring this out also, but with ASA version 8.2(5) and a Lumia 1520. I just got WP Denim a few weeks ago, prior to that only IKEv2 was available on the phone. Here's the config I ended up with:
ip local pool wp-pool xxxx
crypto ipsec transform-set 3DES-WP esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-WP mode transport
crypto dynamic-map My_Admin_Map 10 set transform-set 3DES-WP
crypto map Main_Map 65535 ipsec-isakmp dynamic My_Admin_Map
crypto isakmp policy 50
group-policy DfltGrpPolicy attributes
username username password password ms-chap
tunnel-group DefaultRAGroup general-attributes
tunnel-group DefaultRAGroup ipsec-attributes
tunnel-group DefaultRAGroup ppp-attributes
I didn't configure split tunnel on the ASA, I used the "IP Ranges" feature on the WP client.
Using the default group configuration broke existing VPN configurations, but I don't know any other way of doing it. I added a couple of commands to the other groups to get around it.
I couldn't find anything that worked other than 3DES, so that's a bit annoying.
I'm not recommending this setup, I'm just saying it works.
That's a shame Cisco, that you make an Anyconnect client for Android, and iOS. But, nothing for Windows RT 8.1, or Windows Phone 8.1. No one cares about a client for Windows Mobile, which has not been on a new phone for 4 years.....
Cisco, like many companies these days, simply refuses to communicate with its customers or reps. Our Cisco rep is as clueless as us.
Cisco, get cracking.
AnyConnect open beta program for Windows Phone 8.1
We are pleased to announce the start of the AnyConnect beta program for Windows Phone 8.1.
Customers can access AnyConnect via the Windows Store at:
The release notes with a list of open issues and limitations are published at:
Please direct any questions/feedback/problem reports to: firstname.lastname@example.org
Support is not provided by the Cisco TAC for the beta program.
I have a Lumia 830 running WP 8.1. The OS version is 8.10.14234.375. I downloaded the beta and installed it. However when I try setting VPN up, choosing the AnyConnect option, no matter what configuration information is entered the "save" button is greyed out. So not able to use it. Can you please look into this.
Unfortunately the user interface is a little confusing and is not in Cisco's control. You need to de-select "Connect Automatically". If selected (default) and not configured, the OS greys out the Save button.
Thanks very much for the prompt reply, Peter.
Yes, turning off "Connect Automatically" solved the grey out problem.
However I am getting "Connection Error: 2250" without any description.
Can you please guide me on how to go about resolving this?
We are expecting most instances of 2250 errors to get resolved in our next beta update over the next few weeks. There are various causes for this error message, the most common is an ASA running a SW version earlier than 9.2.1, but this is not the only cause. Unfortunately as an end user, there is nothing you can do to workaround this, you will need to wait for our next update where we should have a fix in place for most of these 2250 error conditions.
Today I got an update to the Beta. After installing it the 2250 error has gone away but getting this error message:
"Login denied, unauthorized connection mechanism, contact your administrator."
Any suggestions? Thanks.
This message means that your company has set up a specific Dynamic Access Policy (DAP) rule restricting your access, perhaps it is only letting certain OS's on (i.e. Windows). Only your IT department can relax this enforced rule to let you on.
I have upgraded to the latest versions and im still having the 2250 error when phones try to connect.
Don't suppose you have any other suggestions?
Please contact us at email@example.com with a screenshot of your error and a FieldMedic (Enterprise) log report started before connecting and terminating after seeing the error. Instructions on the FieldMedic logging process are in our release notes on Cisco.com.
I have installed AnyConnect Mobility Client for Windows Phone 8.1 on Microsoft Lumia 640 successfully. I also have successfully installed the non-Microsoft (self-generated and self-signed certificates which is used on my PC).
But, when I'm trying to create the new VPN connection using AnyConnect profile, I see only Microsoft certificates.
Where I lost my certificate and how can I agree it using?
Your end-user certificate will not be seen in MS's UI, what you are seeing are a list of Server Certificates the phone has available to it for pinning head-end cert validation. Keep that slider at Off and attempt a connection, make sure you set Connect Automatically to Off. If you have further issues and need assistance, please contact us at firstname.lastname@example.org for troubleshooting assistance.
I have a question about running cisco anyconnect on a windows 8.1 phone. So i got anyconnect to work with username and pwd coming off of a SCEP Proxy Svr. However, when i try and reconnect it using the proxy cert, it keeps prompting me with a username and password. Is there anyway to use it with a Certificate instead of a username and pwd.
Please follow the instructions in the release notes to generate an enterprise Field Medic report. Once you have started this prior to making your connection and stopped it afterwards, please email it to us with the information above (email@example.com).