Configure Cisco AnyConnect VPN for Android

MobiLock and Android for Work makes it easy for you to configure Cisco AnyConnect VPN on your managed Android devices. Follow the guide below to configure Cisco AnyConnect.

Before you Begin

  1. Complete Android for Work Setup in MobiLock Dashboard.
  2. Enroll your corporate owned devices using afw#mobilock
  3. Invite your Employees to enroll their Personal devices.

The following feature works only for devices enrolled via afw#mobilock and where MobiLock application is set as a Device Owner. It will not work if you are using legacy methods to enroll the devices.

Search and Approve Cisco AnyConnect

The first step is to search and approve Cisco AnyConnect for your organization. The steps are,

  1. Sign In MobiLock Dashboard.
  2. Navigate to Enterprise > My Apps > Play For Work Apps

  3. Click on SEARCH&ADD button to see the Google Play dialog.
  4. In the Google Play dialog search for Cisco AnyConnect,
  5. Click on the Cisco AnyConnect app and select Approve

  6. Follow the onscreen instructions to approve the application. Click Done to close the dialog and now the app starts appearing on the MobiLock Dashboard.

Configuring Cisco AnyConnect Settings

Once you have the AnyConnect app, the next step is to configure the application. The steps are,

  1. Click on the AnyConnect application to see the details card.
  2. Click on the App Configurations tab and click CREATE to see the configuration options.
  3. Cisco AnyConnect gives you the following configuration options,

    Connection Name

    The display name for the VPN as shown on user's mobile device

    Host

    The URL of the headend that is the actual Cisco VPN Server.

    Protocol

    Choose between SSL or IPSec.

    IPSec Authentication Mode

    If the selected protocol is IPSec, then choose the authentication mode.

    IKE Identity

    Optional field to specify the data on how to identify a user connection.

    Keychain Certificate Alias

    KeyChain alias of the client certificate to use for this VPN configuration.

    Per App VPN Allowed Apps

    Deprecated. Use the setting below

    Per App VPN Allowed Apps

    Specify a comma separated list of applications that should be routed through VPN.

    Per App VPN Disallowed Apps

    Specify a comma separated list of applications that should not be routed through VPN.

    Allow Apps to Bypass VPN Tunnel

    Choose if you want the applications to bypass the VPN Tunnel.

    Set Active

    Select this to make the default selected VPN Configuration.

    FIPS Mode

    Select to enable FIPS mode for AnyConnect.

    Certificate Revocation

    AnyConnect Profile

    Enter the AnyConnect Profile in XML format.

    Device Identifier

    Enter the device identifier that should be reported to VPN Server.

    Report Hardware Identifiers for VPN Identification

    Enable if the H/W identifiers like Mac and/or IMEI should be reported to VPN Server.

    Allow Users to Save Credentials

    Choose if user can save the VPN Credentials so that they are not asked for it repeatedly.

  4. Once you have entered the values, click on SAVE to save the configuration. All the saved configuration appear in the list.

Publishing the Application and Configuration

Once you have created the configuration, the next step is to publish the application and then the configuration. The steps are,

  1. From the App Details card, click on the App Information tab and click on PUBLISH

  2. Select the Android Device Groups/Profiles/Devices where you want to publish the application and click PUBLISH

  3. Now click on the App Configuration tab. Click on the Publish icon.
  4. Select the Android Device Groups/Profiles/Devices where you have published the application in Step 3, and click PUBLISH

  5. This will cause the applications to be installed on the devices and then configured based on the configuration.

Please contact your VPN Service provider in case you need details on how to use a particular setting and the accepted values.


How did we do?