This action might not be possible to undo. Are you sure you want to continue?
Published: May 6, 2009, Part Number OL-19674-01
This document identifies the operating systems (OSs) and web browsers that a Cisco ASA 5500 series adaptive security appliance running Version 8.2(1) supports for the following VPN access options:
• • •
Cisco AnyConnect 2.3 Browser-based SSL VPN Cisco Secure Desktop 3.4.1 Host Scan, Secure Desktop (Vault), and Cache Cleaner.
The OSs and web browsers named in the following sections are the ones we have tested; however, others may work as well.
Compatibility with Windows 7 Beta
Cisco cannot officially support VPN access from Windows 7 until it releases; however, we have had encouraging results testing Windows 7 Beta (x86 and x64) with AnyConnect 2.3.20254; Cisco Secure Desktop 3.4.1 Host Scan and Cache Cleaner; and browser-based SSL VPN. Start before logon functions as expected with Windows 7 Beta Build 7077. Secure Desktop (Vault) tested well on Windows 7 Beta Build 7068; some earlier Windows 7 beta builds run Cache Cleaner instead.
Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2009 Cisco Systems, Inc. All rights reserved.
RAM: – 128 MB for Windows 2000. version 3.) Fedora Core 4 through 9. – 512 MB for Windows Vista.2(1) 2 May 6.0+.AnyConnect Support for Computer Platforms AnyConnect Support for Computer Platforms AnyConnect VPN Client 2.5 or later (JRE 6 recommended). Windows 2000 SP4. AnyConnect does not support virtualization software. Cisco ASA 5500 Series. Apple: Mac OS X 10. the user platform must match one of those in the “Browser-based SSL VPN Support for Computer Platforms” section. we have not tested AnyConnect with Red Hat Linux 5. preferably JRE 6. • • Cisco AnyConnect Client. you must first install Sun Microsystems JRE. Windows XP SP2 or later.5 Linux 50 MB hard disk space required AnyConnect supports Linux Kernel releases 2. and 64-bit architectures that support biarch (that is. Version 8. Update 5 or higher. – 256 MB for Windows XP. (As of publication.4 and 10. If you are using Internet Explorer.and 64-bit Microsoft Windows Vista SP2. supports any browser. To use Fedora 9 with the AnyConnect client. Red Hat Enterprise Linux 3 or 4. The following Linux distributions follow the AnyConnect Linux Requirements and work with the AnyConnect Client: • • • Ubuntu 7 and 8 (32-bit only).3 supports the following computers.0+ or Firefox 2.6 on 32-bit architectures.1. when launched as a standalone client.0. that run 32-bit code). • • • Microsoft Installer. use Internet Explorer 6. x64 or x86 processors on Windows XP and Windows Vista. use version 5. 5 MB hard disk space. Pentium class processor or greater. For WebLaunch. Update 1. or Vista SP1 with KB952876.4 and 2.1. and enable ActiveX or install Sun JRE 5. Service Pack 2 or later. Slackware 11 or 12.1. or Parallels Desktop for Mac OS. however to install AnyConnect through a web browser (WebLaunch). Supported VPN Platforms. openSuSE 10 or SuSE 10. OSs Microsoft Windows: • Notes Requirements • • • • 32. 2009 . such as VMware on any platform.
6.AnyConnect Support for Touchscreens Running Windows Mobile AnyConnect Support for Touchscreens Running Windows Mobile Cisco designed AnyConnect 2.27-RWE Windows Mobile 6.3 for compatibility with touchscreens running Windows Mobile 6.531. Version 8.01-NAE Windows Mobile 6.502.57.1 Professional Wi-Fi iPAQ 2790 Windows Mobile 5.03-SPNT Treo Pro: • • Windows Mobile 6.1.H: • • Supported VPN Platforms.0 Professional — — AT&T TREO750-2.15-SPNT Treo 750: • • • Windows Mobile 5.4 Note: TouchFLO must be disabled.00.01-NAE T-Mobile T850UNA-1. Device ATT Tilt 3. T-Mobile Wing 4. 2009 3 . Cisco ASA 5500 Series.0+AKU2 PDA Phone Windows Mobile 6.1 Professional Windows Mobile 6.09. and has specifically qualified the following devices.25-ATT T-Mobile TREO750-2.0 Classic OS Windows Mobile 6.8 Verizon 3.2 WWE Note: TouchFLO must be disabled.1 Verizon XV6800 with ROM: 1.57.0 and 5.0 Professional and Windows Mobile 6.0 Professional — Treo 700wx: Sprint TREO 700WX-1.1 WWE Windows Mobile 6.03.27-RWE AT&T TREO 750-2.0 Professional and Classic. Axim X51v with ROM: A03 (23092007 Windows Mobile 6.26.00.0 PocketPC Sprint Touch with ROM: 3.0 Professional Verizon 2.605.2(1) May 6.605.1 Professional AT&T T850UNA-1.1 Professional Treo 800: Sprint Treo 800w-1.651.
• • Apple: Mac OS X 10. including the DoD Common Access Card and SmartCard.2(1) 4 May 6. Linux Firefox 2. remote users must use AnyConnect. Windows XP SP2 or later and Windows 2000 SP4 require Microsoft hotfix to support Web Folders. ActiveX or Sun JRE 5. Windows Vista SP2.6. or Firefox 2.4 and 10. Specific requirements and limitations also apply to smart tunnel and port forwarding. or later.2(1) SSL VPN connections support connections from the following OSs and browsers. Web folders and smart tunnel do not support Linux. or Vista SP1 with KB952876 or later. Version 8. Certificate authentication.5 or later (JRE 6 recommended).Browser-based SSL VPN Support for Computer Platforms Browser-based SSL VPN Support for Computer Platforms ASAs running Version 8.0 or later. Windows 2000 SP4. 2009 . OSs Microsoft Windows: • Browser and Java Versions Feature Notes1 Microsoft Internet Explorer 6 and 7. For Microsoft Outlook Exchange communication using the MAPI protocol. Java 1.5 or later. Web folders do not support Mac OS. Specific requirements apply to port forwarding. 1. Cisco ASA 5500 Series. works with the Safari keychain only. Sun JRE 1.0 or later. Specific requirements and limitations also apply to smart tunnel and port forwarding. Windows XP SP2 or later.0 or later. Update 1.0 Windows Vista does not support Windows Shares (CIFS) Web Folders. or Firefox 2.0 or later.5 Safari 2. Supported VPN Platforms.
and 64-bit biarch (that is. The following table shows the Cisco Secure Desktop 3. glibc 2.465 (Build 15673.3. Note Smart tunnels. Cisco Secure Desktop Support for AnyConnect and Browser-based SSL Cisco Secure Desktop supports only AnyConnect and browser-based SSL VPN connections.1) with Pocket IE.2 or later. libcurl (with openssl support). openssl.0 (Build 14053) with Pocket IE.4 – 10.3.1.and 64-bit Mac OS X 10.3 and later with Safari.5 32.1.1702 (Build 14366. and port forwarding do not support mobile access. auto applet download. Module Host Scan Supported OSs • • • • • • • 32.20. plug-ins. Antivirus.0 5. 64-bit that can run 32-bit code) Linux with the following requirements: libxml2. Software Update 1. and e-mail proxy. Device HP iPAQ h4150 HP iPAQ hx2495b HTC p3600 PDA Phone iPhone OS and Browser Pocket PC 2003 and Windows CE 4.1. Cisco ASA 5500 Series.2(1) May 6. and libz.and 64-bit Microsoft Windows Vista SP2. Windows CE 5. Cisco has certified the following mobile devices. Windows Mobile 5.1 modules and the OSs they support. Supported VPN Platforms. Version 8.1) with Pocket IE. Neither the ASA administrator nor the user need do anything special to use browser-based SSL VPN with a certified mobile device.3. or Vista Service Pack 1 with KB952876 32-bit Windows XP SP2 or SP3 64-bit Windows XP SP2 32-bit Windows 2000 SP4 32. 2009 5 . and personal firewall applications (PDF alternatives to these spreadsheets). antispyware.Browser-based SSL VPN Support for Mobile Devices Browser-based SSL VPN Support for Mobile Devices You can access browser-based SSL VPN from your Pocket PC or other certified personal digital assistant (PDA). so the following SSL VPN features are not supported: application access. client/server plug-ins.0.4. The iPhone does not have a JRE and does not support SSL VPN.1.0 5.
Keystroke Logger Detection. Also.0 or later.5 or later and Firefox 2.0 or later. Note: AnyConnect does not support the Vault. libcurl (with openssl support).4 – 10.and 64-bit Windows Vista and later. 32-bit Windows 2000 SP4. 32.2(1) 6 May 6.0 or later.and 64-bit Windows XP SP2. and Host Emulation Detection Supported OSs (continued) 32-bit Windows Vista with KB935855 or Windows Vista SP1 (or later) must be installed.and 64-bit Mac OS X 10.5 with Safari 1.or 64-bit biarch Linux with libxml2. Original iPhone users can upgrade to the iPhone 2. 32-bit Windows XP SP2 and SP3. 32. 32-bit Windows 2000 SP4. and SafeNet – RADIUS. Version 8. Secure Desktop does not let Internet Explorer run outside the Vault on a host computer running Windows Vista. 32-bit Windows XP SP2 and SP3. Cisco ASA 5500 Series.3. 2009 . however you can use WebLaunch with Windows Vista. Features of the VPN Client include: • The following authentication types: – Pre-shared keys – Certificates – Xauth – One-time passwords.2 or later. The AnyConnect standalone client does not support the Vault on Windows Vista. WebLaunch requires Sun Java 1. 32. Entrust. Cache Cleaner 32. and libz.0 software to take advantage of this new capability. glibc 2. Rainbow. openssl. including both one-time password tokens and other types of xauth – RADIUS Expiry Supported VPN Platforms. including tokens such as RSA.IPsec Support for Nonmobile Clients Module Secure Desktop (Vault). or Firefox 2. IPsec Support for Nonmobile Clients All releases of the ASA support the following IPsec clients: • • • • • • • Cisco VPN Client Cisco ASA 5505 Cisco PIX 501 Firewall Cisco VPN 3002 hardware client Cisco IOS 8xx Series Microsoft L2TP/IPsec client Mac OS L2TP/IPsec client IPsec Support for Apple iPhone 3G The Apple iPhone 3G ships with advanced VPN Client capabilities for Cisco IPsec connectivity already installed.
ASA Support for Site to Site Connections The ASA supports site to site IPsec connections with Cisco peers. Nokia 6600 and Nokia E61. Cisco supports the Microsoft client. the respective vendors support the other clients. IPsec Support for Windows Mobile For Windows Mobile. Apani.2(x) software. and with third-party peers that comply with all relevant standards. 2009 7 . The VPN Client on the iPhone 3G supports pre-shared keys and certificates. but you can also use the 7.0 PDA and PDA Phone Apple iPhone The iPhone supports MS-CHAP v2 (preferred) for PPP. L2TP/IPsec Client Support for Mobile Devices The following mobile OS's support a built-in L2TP/IPsec client that Cisco has tested successfully with the ASA: • • • Microsoft Windows Mobile 2003 for Pocket PC PDA Microsoft Windows Mobile 5. Version 8. We highly recommend the 8. and pre-shared keys. Bluefire.0(x) software release or later. Some Windows Mobile 2003 (HP iPAQ h4150) and 5. Supported VPN Platforms. the following third-party vendors offer a VPN client that works with the ASA: Antha.0 (HP iPAQ hx 2495b) PDAs support enrollment with an available certificate authority server and can use certificate-based authentication.IPsec Support for Windows Mobile – Kerberos • • VPN load balancing (clustering) Split tunneling control The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone.2(1) May 6. Nokia provides support for Symbian on the Nokia 92xx Communicator series.DE. Cisco ASA 5500 Series. Microsoft. IPsec Support offered by Other Mobile Devices Bluefire offers a version of the Palm Treo that has an IPsec client that works with the ASA. Windows mobile based handheld devices support MS-CHAP v1 and v2. and NCP. It has also been tested for MS-CHAP v1 and PAP support for PPP authentication.
AsyncOS. the Cisco logo. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco TelePresence. Networking Academy. IronPort. MeetingPlace Chime Sound. DCE. (0903R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. CCNP. Aironet. CCSP. and/or its affiliates in the United States and certain other countries. Bringing the Meeting To You. Inc. CCNA. the Cisco Certified Internetwork Expert logo. EtherFast. SenderBase. ScriptShare. MGX. The use of the word partner does not imply a partnership relationship between Cisco and any other company. Supported VPN Platforms. Follow Me Browsing. CCENT. FormShare. CCIE. Cisco Eos. Linksys. Internet Quotient. MediaTone. Cisco Stackpower. and Access Registrar. SMARTnet. All rights reserved.2(1) 8 May 6. and figures included in the document are shown for illustrative purposes only. Cisco Systems. Cisco Nexus. PIX. 2009 . © 2009 Cisco Systems. Fast Step.ASA Support for Site to Site Connections CCDE. EtherSwitch. Cisco IOS. CCDA. the Cisco Systems logo. GigaDrive. Spectrum Expert. iPhone. CCDP. Catalyst. CCSI. Cisco WebEx. Inc. Cisco Systems Capital. Cisco Nurse Connect. All other trademarks mentioned in this document or website are the property of their respective owners. command display output. Cisco Unity. CCVP. Version 8. and the WebEx logo are registered trademarks of Cisco Systems. iQuick Study. Any examples. Cisco ASA 5500 Series. Event Center. Cisco StadiumVision. MeetingPlace. Network Registrar. ProConnect. The Fastest Way to Increase Your Internet Quotient. and Welcome to the Human Network are trademarks. TransPath. Cisco. PowerPanels. Cisco HealthPresence. Networkers. Cisco Press. PCNow. StackWise. the IronPort logo. Play. Cisco Lumin. WebEx. HomeLink. Live. LightStream. Changing the Way We Work. and Learn and Cisco Store are service marks. CCIP. Collaboration Without Limitation. IOS.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.