Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Is Cisco VPN posible for Windows Phone 8.1


Microsoft released Windows Phone 8.1 on April and it supports VPN connections.

So I would like to ask:

Is Cisco going to release Anyconnect Secure Mobility Client for Windows Phone 8.1?

Maybe someone managed to make clientless connection with ASA 9.1( for example IKEv2 or SSL-VPN) ?

Or should I abandon idea of connecting WP 8.1 with ASA?


Everyone's tags (1)

Hi  aurimas88 , Looks like

Hi  aurimas88 ,


Looks like AnyConnect Secure Mobility Client 2.5  is supported for windows phone , however W 8.1 mobile has not been tested by Cisco , We cannot guarantee compatibility. 

AnyConnect Secure Mobility Client 3.0 Windows Mobile Devices Not Supported

AnyConnect version 3.0 and later do not support Microsoft Windows Mobile or Windows Phone. However, you can continue to use the ASA to deploy the AnyConnect 2.5 or earlier client for Windows Mobile even after loading the AnyConnect 3.0 package files to the ASA for web deployment.

AnyConnect Secure Mobility Client 2.5 Windows Mobile Devices Supported

We designed AnyConnect 2.5 for compatibility with Windows Mobile 6.5, 6.1, 6.0 and 5.0 Professional and Classic for touch-screens only. Users have reported success with most touch-screens running these versions of Windows Mobile. However, to ensure interoperability, we guarantee compatibility only with the devices we test, as follows:

HTC Imagio running Windows Mobile 6.5
HTC Tilt 2 running Windows Mobile 6.5
HTC Touch running Windows Mobile 6.0
HTC TyTN running Windows Mobile 5.0
Samsung Epix running Windows Mobile 6.1
Samsung Omnia Pro 4 running Windows Mobile 6.5
Samsung Omnia running Windows Mobile 6.1
Samsung Saga running Windows Mobile 6.1




Hope this helps 


New Member

Thanks for reply rvarelac,but

Thanks for reply rvarelac,

but Windows mobile 6.x in these times should be considered ancient and it is not supported on new NOKIA and HTC smartphones.

So I guess, no VPN for Windows Phone 8.1 from Cisco.


New Member

hi,I just successfully setup


I just successfully setup VPN from window phone 8.1 using L2TP with IPsec (just appear in windows phone 8.1). I found out alot of Google but have no helpful material so it took me 4 day to configure and troublebleshoot. I'd like to share to everyone:

  • server: ASA 5510, boot image: 9.1(5), ASDM:7.3(1)
  • client: lumina 520

the userguide for setup L2TP/IPsec general here: 

Just some most important notes you have done:

1. intercept DHCP Configuration message from Micrsoft client

2.create service policy rule with tcp-map have option not check: Drop packets  that exceed  maximum message size. Refer:

3. edit mss-tcp to lower through command line. Refer:

New Member

Too bad our network guys don

Too bad our network guys don't have WPs...they said, 'uh, no'

New Member

hi,I try to configure L2TP


I try to configure L2TP for WP 8.1 and get the error

Phase 1: failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 5

Can you give me a hint how to solve this?

Thank you very much!

New Member

try to use group 2, instead

try to use group 2, instead of group 5 in configure VPN in ASA


New Member

I just went through figuring

I just went through figuring this out also, but with ASA version 8.2(5) and a Lumia 1520. I just got WP Denim a few weeks ago, prior to that only IKEv2 was available on the phone. Here's the config I ended up with:


ip local pool wp-pool xxxx

crypto ipsec transform-set 3DES-WP esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-WP mode transport

crypto dynamic-map My_Admin_Map 10 set transform-set 3DES-WP

crypto map Main_Map 65535 ipsec-isakmp dynamic My_Admin_Map 


crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800

group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec

username username password password ms-chap

tunnel-group DefaultRAGroup general-attributes
 address-pool wp-pool
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key xxxx
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2

I didn't configure split tunnel on the ASA, I used the "IP Ranges" feature on the WP client.


Using the default group configuration broke existing VPN configurations, but I don't know any other way of doing it. I added a couple of commands to the other groups to get around it.


I couldn't find anything that worked other than 3DES, so that's a bit annoying.


I'm not recommending this setup, I'm just saying it works.

New Member

Help me please configured my

Help me please configured my Lumia 925 because I can not connect to my company Cisco router via VPN. This is my device.

New Member

That's a shame Cisco, that

That's a shame Cisco, that you make an Anyconnect client for Android, and iOS.  But, nothing for Windows RT 8.1, or Windows Phone 8.1.  No one cares about a client for Windows Mobile, which has not been on a new phone for 4 years.....

New Member

Cisco, like many companies

Cisco, like many companies these days, simply refuses to communicate with its customers or reps. Our Cisco rep is as clueless as us.

Cisco, get cracking.



Cisco Employee

AnyConnect open beta program

AnyConnect open beta program for Windows Phone 8.1


We are pleased to announce the start of the AnyConnect beta program for Windows Phone 8.1.


Customers can access AnyConnect via the Windows Store at:


The release notes with a list of open issues and limitations are published at:


Please direct any questions/feedback/problem reports to:

Support is not provided by the Cisco TAC for the beta program.

New Member

Hi Peter,I have a Lumia 830

Hi Peter,

I have a Lumia 830 running WP 8.1.  The OS version is 8.10.14234.375.  I downloaded the beta and installed it.  However when I try setting VPN up, choosing the AnyConnect option, no matter what configuration information is entered the "save" button is greyed out.  So not able to use it.  Can you please look into this.



Cisco Employee

Unfortunately the user

Unfortunately the user interface is a little confusing and is not in Cisco's control.  You need to de-select "Connect Automatically".  If selected (default) and not configured, the OS greys out the Save button.

New Member

Thanks very much for the

Thanks very much for the prompt reply, Peter.

Yes, turning off "Connect Automatically" solved the grey out problem.

However I am getting "Connection Error: 2250" without any description.

Can you please guide me on how to go about resolving this?



Cisco Employee

We are expecting most

We are expecting most instances of 2250 errors to get resolved in our next beta update over the next few weeks.  There are various causes for this error message, the most common is an ASA running a SW version earlier than 9.2.1, but this is not the only cause. Unfortunately as an end user, there is nothing you can do to workaround this, you will need to wait for our next update where we should have a fix in place for most of these 2250 error conditions.

New Member

Thanks, Peter.  I will await

Thanks, Peter.  I will await the next update then.  (Would I get an email alert once the update is ready? :-)).



New Member

Hi Peter,Today I got an

Hi Peter,

Today I got an update to the Beta.  After installing it the 2250 error has gone away but getting this error message:

"Login denied, unauthorized connection mechanism, contact your administrator."

Any suggestions?  Thanks.



Cisco Employee

This message means that your

This message means that your company has set up a specific Dynamic Access Policy (DAP) rule restricting your access, perhaps it is only letting certain OS's on (i.e. Windows).  Only your IT department can relax this enforced rule to let you on.


New Member

Hi there, I have upgraded to

Hi there,

 I have upgraded to the latest versions and im still having the 2250 error when phones try to connect.

 Don't suppose you have any other suggestions?



Cisco Employee

Please contact us at ac

Please contact us at with a screenshot of your error and a FieldMedic (Enterprise) log report started before connecting and terminating after seeing the error.  Instructions on the FieldMedic logging process are in our release notes on

New Member

I have installed AnyConnect

I have installed AnyConnect Mobility Client for Windows Phone 8.1 on Microsoft Lumia 640 successfully. I also have successfully installed the non-Microsoft (self-generated and self-signed certificates which is used on my PC).

But, when I'm trying to create the new VPN connection using AnyConnect profile, I see only Microsoft certificates.

Where I lost my certificate and how can I agree it using?

Cisco Employee

Your end-user certificate

Your end-user certificate will not be seen in MS's UI, what you are seeing are a list of Server Certificates the phone has available to it for pinning head-end cert validation.  Keep that slider at Off and attempt a connection, make sure you set Connect Automatically to Off.  If you have further issues and need assistance, please contact us at for troubleshooting assistance.

New Member

I have a question about

I have a question about running cisco anyconnect on a windows 8.1 phone.  So i got anyconnect to work with username and pwd coming off of a SCEP Proxy Svr.  However, when i try and reconnect it using the proxy cert, it keeps prompting me with a username and password.  Is there anyway to use it with a Certificate instead of a username and pwd.

Cisco Employee

Please follow the

Please follow the instructions in the release notes to generate an enterprise Field Medic report.  Once you have started this prior to making your connection and stopped it afterwards, please email it to us with the information above (

CreatePlease to create content