This action might not be possible to undo. Are you sure you want to continue?
Published: May 6, 2009, Part Number OL-19674-01
This document identifies the operating systems (OSs) and web browsers that a Cisco ASA 5500 series adaptive security appliance running Version 8.2(1) supports for the following VPN access options:
• • •
Cisco AnyConnect 2.3 Browser-based SSL VPN Cisco Secure Desktop 3.4.1 Host Scan, Secure Desktop (Vault), and Cache Cleaner.
The OSs and web browsers named in the following sections are the ones we have tested; however, others may work as well.
Compatibility with Windows 7 Beta
Cisco cannot officially support VPN access from Windows 7 until it releases; however, we have had encouraging results testing Windows 7 Beta (x86 and x64) with AnyConnect 2.3.20254; Cisco Secure Desktop 3.4.1 Host Scan and Cache Cleaner; and browser-based SSL VPN. Start before logon functions as expected with Windows 7 Beta Build 7077. Secure Desktop (Vault) tested well on Windows 7 Beta Build 7068; some earlier Windows 7 beta builds run Cache Cleaner instead.
Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2009 Cisco Systems, Inc. All rights reserved.
2(1) 2 May 6. supports any browser. To use Fedora 9 with the AnyConnect client. For WebLaunch. we have not tested AnyConnect with Red Hat Linux 5. use Internet Explorer 6.1. Pentium class processor or greater. when launched as a standalone client.5 or later (JRE 6 recommended). (As of publication. 2009 . Windows XP SP2 or later. or Vista SP1 with KB952876. Update 5 or higher. that run 32-bit code). Red Hat Enterprise Linux 3 or 4.AnyConnect Support for Computer Platforms AnyConnect Support for Computer Platforms AnyConnect VPN Client 2. version 3. Slackware 11 or 12. AnyConnect does not support virtualization software. Service Pack 2 or later.1.) Fedora Core 4 through 9. – 512 MB for Windows Vista. the user platform must match one of those in the “Browser-based SSL VPN Support for Computer Platforms” section. you must first install Sun Microsystems JRE. or Parallels Desktop for Mac OS.0+ or Firefox 2. however to install AnyConnect through a web browser (WebLaunch). 5 MB hard disk space.5 Linux 50 MB hard disk space required AnyConnect supports Linux Kernel releases 2.6 on 32-bit architectures.and 64-bit Microsoft Windows Vista SP2. RAM: – 128 MB for Windows 2000. • • Cisco AnyConnect Client. use version 5. Update 1. The following Linux distributions follow the AnyConnect Linux Requirements and work with the AnyConnect Client: • • • Ubuntu 7 and 8 (32-bit only). x64 or x86 processors on Windows XP and Windows Vista.0+. preferably JRE 6. Apple: Mac OS X 10.1. OSs Microsoft Windows: • Notes Requirements • • • • 32. Version 8. and 64-bit architectures that support biarch (that is. openSuSE 10 or SuSE 10. If you are using Internet Explorer. and enable ActiveX or install Sun JRE 5. Cisco ASA 5500 Series.4 and 2. • • • Microsoft Installer.4 and 10.3 supports the following computers.0. Windows 2000 SP4. such as VMware on any platform. – 256 MB for Windows XP. Supported VPN Platforms.
0 and 5.1 WWE Windows Mobile 6.502.0 Professional and Windows Mobile 6. Axim X51v with ROM: A03 (23092007 Windows Mobile 6.26.0 Professional — — AT&T TREO750-2.27-RWE Windows Mobile 6.605.03.00.1 Professional Treo 800: Sprint Treo 800w-1.0 Professional — Treo 700wx: Sprint TREO 700WX-1. 6.651.0 Classic OS Windows Mobile 6.1 Professional AT&T T850UNA-1.2(1) May 6.2 WWE Note: TouchFLO must be disabled.1.57.0+AKU2 PDA Phone Windows Mobile 6.0 PocketPC Sprint Touch with ROM: 3. Cisco ASA 5500 Series. 2009 3 .1 Professional Wi-Fi iPAQ 2790 Windows Mobile 5.605.00.0 Professional Verizon 2.27-RWE AT&T TREO 750-2.0 Professional and Classic. and has specifically qualified the following devices.25-ATT T-Mobile TREO750-2.1 Professional Windows Mobile 6.3 for compatibility with touchscreens running Windows Mobile 6. Device ATT Tilt 3.15-SPNT Treo 750: • • • Windows Mobile 5. Version 8.H: • • Supported VPN Platforms.03-SPNT Treo Pro: • • Windows Mobile 6.09.8 Verizon 3. T-Mobile Wing 4.01-NAE Windows Mobile 6.57.1 Verizon XV6800 with ROM: 1.AnyConnect Support for Touchscreens Running Windows Mobile AnyConnect Support for Touchscreens Running Windows Mobile Cisco designed AnyConnect 2.01-NAE T-Mobile T850UNA-1.4 Note: TouchFLO must be disabled.531.
Update 1. Java 1. Sun JRE 1. or Firefox 2. Windows Vista SP2. Version 8. ActiveX or Sun JRE 5. Cisco ASA 5500 Series. 1. Windows 2000 SP4.6. remote users must use AnyConnect.0 or later. • • Apple: Mac OS X 10.5 Safari 2. including the DoD Common Access Card and SmartCard.5 or later. Certificate authentication. or Vista SP1 with KB952876 or later. Specific requirements apply to port forwarding.2(1) 4 May 6.0 Windows Vista does not support Windows Shares (CIFS) Web Folders.4 and 10. For Microsoft Outlook Exchange communication using the MAPI protocol.0 or later. works with the Safari keychain only.0 or later. Web folders and smart tunnel do not support Linux.Browser-based SSL VPN Support for Computer Platforms Browser-based SSL VPN Support for Computer Platforms ASAs running Version 8. Specific requirements and limitations also apply to smart tunnel and port forwarding. OSs Microsoft Windows: • Browser and Java Versions Feature Notes1 Microsoft Internet Explorer 6 and 7. Windows XP SP2 or later. Specific requirements and limitations also apply to smart tunnel and port forwarding. 2009 . Supported VPN Platforms. Windows XP SP2 or later and Windows 2000 SP4 require Microsoft hotfix to support Web Folders. or Firefox 2. Linux Firefox 2. or later.2(1) SSL VPN connections support connections from the following OSs and browsers.0 or later. Web folders do not support Mac OS.5 or later (JRE 6 recommended).
Neither the ASA administrator nor the user need do anything special to use browser-based SSL VPN with a certified mobile device. 64-bit that can run 32-bit code) Linux with the following requirements: libxml2.1.2 or later. Software Update 1.1. glibc 2. plug-ins.1702 (Build 14366. Version 8. antispyware. Note Smart tunnels.0 5. and libz. Supported VPN Platforms. Device HP iPAQ h4150 HP iPAQ hx2495b HTC p3600 PDA Phone iPhone OS and Browser Pocket PC 2003 and Windows CE 4. The following table shows the Cisco Secure Desktop 3.2(1) May 6. Module Host Scan Supported OSs • • • • • • • 32.1) with Pocket IE.20. auto applet download. openssl.4 – 10.3.1. Windows CE 5.5 32. libcurl (with openssl support).3.and 64-bit Microsoft Windows Vista SP2. so the following SSL VPN features are not supported: application access. and personal firewall applications (PDF alternatives to these spreadsheets).1.and 64-bit Mac OS X 10. and e-mail proxy. Cisco ASA 5500 Series. and port forwarding do not support mobile access.and 64-bit biarch (that is. Windows Mobile 5.0 (Build 14053) with Pocket IE. Antivirus. client/server plug-ins.4.0 5. or Vista Service Pack 1 with KB952876 32-bit Windows XP SP2 or SP3 64-bit Windows XP SP2 32-bit Windows 2000 SP4 32.Browser-based SSL VPN Support for Mobile Devices Browser-based SSL VPN Support for Mobile Devices You can access browser-based SSL VPN from your Pocket PC or other certified personal digital assistant (PDA). Cisco has certified the following mobile devices. Cisco Secure Desktop Support for AnyConnect and Browser-based SSL Cisco Secure Desktop supports only AnyConnect and browser-based SSL VPN connections.1 modules and the OSs they support.3. 2009 5 .3 and later with Safari.1) with Pocket IE.465 (Build 15673. The iPhone does not have a JRE and does not support SSL VPN.0.
Cisco ASA 5500 Series. Cache Cleaner 32. Secure Desktop does not let Internet Explorer run outside the Vault on a host computer running Windows Vista.5 with Safari 1. glibc 2. The AnyConnect standalone client does not support the Vault on Windows Vista. 32-bit Windows 2000 SP4. however you can use WebLaunch with Windows Vista. including both one-time password tokens and other types of xauth – RADIUS Expiry Supported VPN Platforms. 32. openssl.5 or later and Firefox 2.0 or later. 32-bit Windows XP SP2 and SP3.0 or later. Original iPhone users can upgrade to the iPhone 2. 32-bit Windows 2000 SP4. 32-bit Windows XP SP2 and SP3.IPsec Support for Nonmobile Clients Module Secure Desktop (Vault). IPsec Support for Nonmobile Clients All releases of the ASA support the following IPsec clients: • • • • • • • Cisco VPN Client Cisco ASA 5505 Cisco PIX 501 Firewall Cisco VPN 3002 hardware client Cisco IOS 8xx Series Microsoft L2TP/IPsec client Mac OS L2TP/IPsec client IPsec Support for Apple iPhone 3G The Apple iPhone 3G ships with advanced VPN Client capabilities for Cisco IPsec connectivity already installed. Rainbow. and Host Emulation Detection Supported OSs (continued) 32-bit Windows Vista with KB935855 or Windows Vista SP1 (or later) must be installed.0 or later.and 64-bit Mac OS X 10. including tokens such as RSA. 2009 . 32. Entrust. libcurl (with openssl support).and 64-bit Windows XP SP2. Also.2(1) 6 May 6.or 64-bit biarch Linux with libxml2. Note: AnyConnect does not support the Vault.and 64-bit Windows Vista and later.2 or later. Version 8.3. Features of the VPN Client include: • The following authentication types: – Pre-shared keys – Certificates – Xauth – One-time passwords. and libz.4 – 10. or Firefox 2. Keystroke Logger Detection. WebLaunch requires Sun Java 1.0 software to take advantage of this new capability. and SafeNet – RADIUS. 32.
and with third-party peers that comply with all relevant standards. IPsec Support for Windows Mobile For Windows Mobile.IPsec Support for Windows Mobile – Kerberos • • VPN load balancing (clustering) Split tunneling control The Cisco ASA 5500 series and PIX Firewalls work with the Cisco VPN Client on the iPhone. Supported VPN Platforms. Nokia provides support for Symbian on the Nokia 92xx Communicator series. 2009 7 .DE.0 (HP iPAQ hx 2495b) PDAs support enrollment with an available certificate authority server and can use certificate-based authentication. and pre-shared keys. Bluefire. Apani. Cisco ASA 5500 Series. Cisco supports the Microsoft client. We highly recommend the 8.0(x) software release or later.0 PDA and PDA Phone Apple iPhone The iPhone supports MS-CHAP v2 (preferred) for PPP. Microsoft.2(x) software. IPsec Support offered by Other Mobile Devices Bluefire offers a version of the Palm Treo that has an IPsec client that works with the ASA. but you can also use the 7. Windows mobile based handheld devices support MS-CHAP v1 and v2. L2TP/IPsec Client Support for Mobile Devices The following mobile OS's support a built-in L2TP/IPsec client that Cisco has tested successfully with the ASA: • • • Microsoft Windows Mobile 2003 for Pocket PC PDA Microsoft Windows Mobile 5. It has also been tested for MS-CHAP v1 and PAP support for PPP authentication. the respective vendors support the other clients. Version 8. the following third-party vendors offer a VPN client that works with the ASA: Antha. Nokia 6600 and Nokia E61. The VPN Client on the iPhone 3G supports pre-shared keys and certificates. ASA Support for Site to Site Connections The ASA supports site to site IPsec connections with Cisco peers. Some Windows Mobile 2003 (HP iPAQ h4150) and 5. and NCP.2(1) May 6.
CCENT. CCDP. iQuick Study. the IronPort logo. Cisco ASA 5500 Series. CCIP. EtherSwitch. Collaboration Without Limitation. PCNow. PowerPanels. WebEx. Cisco IOS. EtherFast. Cisco TelePresence. Play. CCVP. and figures included in the document are shown for illustrative purposes only. Cisco. Network Registrar. SMARTnet. and Learn and Cisco Store are service marks. GigaDrive. Live. Cisco Press. Cisco Nexus. Cisco Eos. Spectrum Expert. StackWise. Cisco Lumin. Follow Me Browsing.2(1) 8 May 6. ScriptShare. Inc. Cisco Nurse Connect. Aironet. Catalyst. Cisco Systems Capital. CCNP. Inc. Cisco StadiumVision. HomeLink. the Cisco Certified Internetwork Expert logo. Fast Step. MediaTone. and Welcome to the Human Network are trademarks. Cisco Unity. IOS. Cisco Systems. Networking Academy. CCDA. Internet Quotient. Cisco WebEx. Linksys. Networkers. MeetingPlace Chime Sound. SenderBase. All rights reserved. 2009 . LightStream. DCE. the Cisco logo. MGX. command display output. and Access Registrar. Supported VPN Platforms. CCSP. PIX.ASA Support for Site to Site Connections CCDE. and the WebEx logo are registered trademarks of Cisco Systems. All other trademarks mentioned in this document or website are the property of their respective owners. ProConnect. © 2009 Cisco Systems. FormShare. Cisco HealthPresence. CCNA. TransPath. Any examples. the Cisco Systems logo. The Fastest Way to Increase Your Internet Quotient. iPhone. Bringing the Meeting To You. (0903R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. CCIE. Event Center. Any use of actual IP addresses in illustrative content is unintentional and coincidental. MeetingPlace. Changing the Way We Work. CCSI. AsyncOS. Cisco Stackpower. Version 8. IronPort. The use of the word partner does not imply a partnership relationship between Cisco and any other company. and/or its affiliates in the United States and certain other countries.
This action might not be possible to undo. Are you sure you want to continue?