Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry AnyConnect for BlackBerry Release Notes AnyConnect for Blackberry Mobile Devices The AnyConnect Secure Mobility Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series. It provides seamless and secure remote access to enterprise networks allowing installed applications to communicate as though connected directly to the enterprise network. AnyConnect supports connections to IPv4 resources over an IPv4 or IPv6 tunnel. This document, written for system administrators of the AnyConnect Secure Mobility Client and the Adaptive Security Appliance (ASA) 5500, supplements the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.0 and provides release specific information for AnyConnect running on BlackBerry devices. The AnyConnect app is available on BlackBerry World only. Cisco does not distribute AnyConnect mobile apps. Nor can you deploy the mobile app from the ASA. You can deploy other releases of AnyConnect for desktop devices from the ASA while supporting this mobile release. AnyConnect Mobile Support Policy Cisco supports the AnyConnect version that is currently available in the app store; however, fixes and enhancements are provided only in the most recently released version. AnyConnect Licensing To connect to the ASA headend an AnyConnect 4.x Plus or Apex license is required, trial licenses are available, see the Cisco AnyConnect Ordering Guide. For the latest end-user license agreement, see Cisco End User License Agreement, AnyConnect Secure Mobility Client, Release 4.x. For our open source licensing acknowledgments, see Open Source Software Used In Cisco AnyConnect Secure Mobility Client Release 4.0 for Mobile BlackBerry Supported Devices Full support for Cisco AnyConnect on BlackBerry is provided on devices running BlackBerry OS 10.3.2 and later. For the best AnyConnect experience, Cisco strongly recommends you upgrade your device to 10.3.2. See BlackBerry User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for installation and upgrade procedures. Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 1 AnyConnect for BlackBerry Release Notes Install or Upgrade AnyConnect on BlackBerry Devices Install or Upgrade AnyConnect on BlackBerry Devices Before You Begin Verify you are using a device supported by AnyConnect, see BlackBerry Supported Devices, on page 1 for details. AnyConnect is available in the BlackBerry World store at http://appworld.blackberry.com/webstore/content/59952066. New Features in AnyConnect 4.0.0.1833 for BlackBerry Mobile Devices This release of Cisco AnyConnect Secure Mobility Client on BlackBerry devices addresses the most recent OpenSSL vulnerabilities. Cisco recommends that you update to this release. Please review the information on the app page and the Guidelines and Limitations for AnyConnect on BlackBerry, on page 7 to be aware of current operational considerations. See the BlackBerry AnyConnect Feature Matrix, on page 3 for a list of supported features in this app. New Features in AnyConnect 4.0.0.1830 for BlackBerry Mobile Devices This release of Cisco AnyConnect Secure Mobility Client on BlackBerry devices addresses the most recent OpenSSL vulnerabilities. Cisco recommends that you update to this release. Please review the information on the app page and the Guidelines and Limitations for AnyConnect on BlackBerry, on page 7 to be aware of current operational considerations. See the BlackBerry AnyConnect Feature Matrix, on page 3 for a list of supported features in this app. New Features in AnyConnect 4.0.0.1827 for BlackBerry Mobile Devices AnyConnect 4.0.0.1827 is a maintenance release of Cisco AnyConnect Secure Mobility Client on BlackBerry that resolves OpenSSL December 2015 vulnerabilities (CSCux97316). Cisco recommends that you update to this release and review the Guidelines and Limitations for AnyConnect on BlackBerry, on page 7 to be aware of current operational considerations. See the BlackBerry AnyConnect Feature Matrix, on page 3 for a list of supported features in this app. New Features in AnyConnect 4.0.0.1826 for BlackBerry Mobile Devices AnyConnect 4.0.0.1826 is a maintenance release of Cisco AnyConnect Secure Mobility Client on BlackBerry. See the BlackBerry AnyConnect Feature Matrix, on page 3 for a list of supported features in this app. Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 2 AnyConnect for BlackBerry Release Notes New Features in AnyConnect 4.0.0.1823 for BlackBerry Mobile Devices Cisco recommends that you review the Guidelines and Limitations for AnyConnect on BlackBerry, on page 7 to be aware of current operational considerations. New Features in AnyConnect 4.0.0.1823 for BlackBerry Mobile Devices AnyConnect 4.0.0.1823 is the initial release of Cisco AnyConnect Secure Mobility Client on BlackBerry. See the BlackBerry AnyConnect Feature Matrix, on page 3 for a list of supported features in this app. Cisco recommends that you review the Guidelines and Limitations for AnyConnect on BlackBerry, on page 7 to be aware of current operational considerations. BlackBerry AnyConnect Feature Matrix The following remote access features are supported by Cisco AnyConnect on BlackBerry: Category: Feature BlackBerry Deployment and Configuration: Install or upgrade from Application Store Yes Cisco VPN Profile support (manual import) No Cisco VPN Profile support (import on connect) Yes, new profile overwrites existing one. MDM configured connection entries Yes, using BDS, new profile overwrites existing one. User-configured connection entries Yes Tunneling: TLS Yes Datagram TLS (DTLS) Yes IPsec IKEv2 NAT-T Yes, must be enabled and configured on the device by the user. Only EAP authentication is supported. IKEv2 - raw ESP No Suite B (IPsec only) Yes TLS compression Yes Dead peer detection Yes, disabled by default. If no response is received to three DPD packets in a row, the device will close the tunnel or the ASA will suspend the tunnel until DPD exchange is re-established. Tunnel keepalive Yes, disabled by default Multiple active network interfaces No Per App Tunneling (requires Plus or Apex license and ASA 9.4.2 No or later) Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 3 AnyConnect for BlackBerry Release Notes BlackBerry AnyConnect Feature Matrix Category: Feature BlackBerry Full tunnel (OS may make exceptions on some traffic, such as traffic to the app store) Yes Split tunnel (split include) Yes Local LAN (split exclude) No Split-DNS Yes, Until BlackBerry supports more than 2 DNS servers, the Admin should configure only one private DNS server on the ASA end. Auto Reconnect / Network Roaming Yes, BBRY OS feature, when enabled the VPN connection will be automatically established. May require the user to re-enter credentials. VPN on-demand (triggered by destination) No VPN on-demand (triggered by application) No Rekey Yes, for TLS and DTLS inline (same socket) and new-tunnels (new socket). IPv4 public transport Yes IPv6 public transport No IPv4 over IPv4 tunnel Yes IPv6 over IPv4 tunnel No Default domain Yes DNS server configuration Yes, max of 2 Private-side proxy support Yes, for URL, HTTP and HTTPS. These take precedence of other proxy setting pushed to the device. FTP and Auto proxy not supported. Proxy Exceptions No Public-side proxy support No Pre-login banner Yes, if BlackBerry's Auto-Connect is enabled, a banner will be shown only once for the session. If BDS pushes credentials to the device, banners may not be shown. Post-login banner Yes DSCP Preservation No Connecting and Disconnecting: VPN load balancing Yes Backup server list Yes Optimal Gateway Selection No Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 4 AnyConnect for BlackBerry Release Notes BlackBerry AnyConnect Feature Matrix Category: Feature BlackBerry Authentication: SAML 2.0 No Client Certificate Authentication Yes Online Certificate Status Protocol (OCSP) No Manual user certificate management Yes, using BBRY device capabilities. Manual server certificate management Yes, using BBRY device capabilities. SCEP legacy enrollment Please confirm for your platform. Yes, if enabled, these obtained certificates will override BDS pushed certificates. BDS may disable this feature. SCEP proxy enrollment Please confirm for your platform. Yes Automatic certificate selection No Manual certificate selection Yes Smart card support No Username and password Yes, also pushed in BDS VPN Profile. Tokens/challenge Yes Double authentication Yes Group URL (specified in server address) Yes Group selection (drop-down selection) Yes Credential prefill from user certificate Yes, AnyConnect or BDS Save password Yes, by BDS, AnyConnect does not save passwords. User interface: Standalone GUI No Native OS GUI Yes API / URI Handler (see below) No UI customization Yes UI localization No User preferences No Home screen widgets for one-click VPN access No AnyConnect specific status icon No Mobile Posture: (AnyConnect Identity Extensions, ACIDex) Serial number or unique ID check No Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 5 AnyConnect for BlackBerry Release Notes Adaptive Security Appliance Requirements Category: Feature BlackBerry OS and AnyConnect version shared with headend Yes URI Handling: Add connection entry No Connect to a VPN No Credential pre-fill on connect No Disconnect VPN No Import certificate No Import localization data No Import XML client profile No External (user) control of URI commands No Reporting and Troubleshooting: Statistics Yes Logging / Diagnostic Information (DART) Yes Certifications: FIPS 140-2 Level 1 No Adaptive Security Appliance Requirements A minimum release of the ASA is required for the following features: Note Refer to the feature matrix for your platform to verify the availability of these features in the current AnyConnect mobile release. • You must upgrade to ASA 9.3.2 or later to use TLS 1.2. • You must upgrade to ASA 9.0 to use the following mobile features: ◦IPsec IKEv2 VPN ◦Suite B cryptography ◦SCEP Proxy ◦Mobile Posture • ASA Release 8.0(3) and Adaptive Security Device Manager (ASDM) 6.1(3) are the minimum releases that support AnyConnect for mobile devices. Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 6 AnyConnect for BlackBerry Release Notes Guidelines and Limitations for AnyConnect on BlackBerry Guidelines and Limitations for AnyConnect on BlackBerry • Enabling Split DNS can break VPN connections. Blackberry supports a maximum of two DNS servers. Our ASA configured DNS server takes precedence because it is prepended in the DNS server list, so our ASA configured DNS server is applied to the tun adapter. If the ASA configures two private DNS servers without DNS forwarding in the ASA side, then DNS resolution of public network will fail. Work around: Until BlackBerry supports more than 2 DNS servers, the Admin should configure only one private DNS server on the ASA end. • AnyConnect VPN profiles which are pushed to devices from an ASA headend, block all untrusted servers by default. This may be preventing a successful VPN connection. Disable this setting to provide the user with the option to accept or deny connections to untrusted servers • IPsec IKEv2 VPN connections must be enabled and configured manually on the device by the user. Only EAP authentication is supported when connecting to the ASA headend. Open Issues in AnyConnect for BlackBerry None Resolved Issues in AnyConnect for BlackBerry Resolved Issues in AnyConnect 4.0.0.1827 for BlackBerry Identifier Headline CSCuw64759 VPN disconnecting for Auto proxy enabled profile CSCux01580 BB10: Challenge authentication message displayed as strange characters CSCux97316 Evaluation of anyconnect for OpenSSL December 2015 vulnerabilities Resolved Issues in AnyConnect 4.0.0.1826 for BlackBerry Identifier Headline CSCuw64759 VPN disconnecting for Auto proxy enabled profile CSCux01580 BB10: Challenge authentication message displayed as strange characters Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 7 AnyConnect for BlackBerry Release Notes AnyConnect Mobile Related Documentation AnyConnect Mobile Related Documentation For more information refer to the following documentation: • AnyConnect Release Notes • AnyConnect Administrator Guides • Navigating the Cisco ASA Series Documentation Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0.x for BlackBerry 8 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2015-2017 Cisco Systems, Inc. All rights reserved.
© Copyright 2026 Paperzz