Tap Description enter MSU VPN (or other name for the connection). Tap Server Address enter Tap Done. Optional: If interested in information on setting Advanced Preferences visit Android User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.0.x. Connect: Tap AnyConnect app to open. Oct 20, 2014 End-of-Life Announcement for the Cisco AnyConnect VPN Client 2.5 (for Desktop) EOL/EOS for the Cisco AnyConnect VPN Client 2.3 and Earlier (All Versions) and 2.4 (for Desktop) 13-Mar-2015 EOL/EOS for the Cisco Secure Desktop 3.4.x and Earlier 13-Mar-2015.

Topics Map > Networking > Virtual Private Networking (VPN)

This page contains links to download and installation instructions for VPN software for Android tablets, smartphones, and ereaders.

On This Page

University of Illinois students, faculty, and staff can use these directions to set up their Android devices, including some Amazon Kindles, to connect to the Virtual Private Network (VPN).

If you have a guest account, Technology Services recommends IllinoisNet Wireless for on-campus use. The VPN is most useful for off-campus use.

Note: General guidelines below

Because there are so many variations in Android device interfaces, the specific sequence required for your particular device may not be described here. University community members can contribute their specific experiences with their devices at Community-developed VPN configurations.

The images below were taken on Android 4.4.2 KitKat; your interface may vary.

Installing the VPN app

• Kindle owners: Use the Amazon Kindle store.
• All other Android owners (including Chromebooks): Use the Google Play Store.

NOTE: The AnyConnect client is not compatible with all Android devices; the Play Store and Kindle Store will inform you if your particular device isn't compatible.

When installing, you'll be prompted to agree to the permissions that AnyConnect needs, including network and phone access.

Configuring the VPN app

After you've installed the AnyConnect app on your Android or Kindle, there may be a new AnyConnect icon on your home screen, or you may need to look through All Applications to find it.

(Note that on other operating systems, you may be used to looking under 'Cisco AnyConnect' to find the VPN app; on Android it appears as 'AnyConnect'.)

1. Launch the AnyConnect app.
   
2. If prompted with an End User License Agreement (EULA), tap to accept it.
   
   
   
   
3. Tap Add VPN Connection...
   
4. In the Connection Editor, enter the following:
   • Description: Urbana VPN
   • Server address: vpn.illinois.edu
     • (vpn.cites.illinois.edu will still work)
5. Tap Done.
   This will save the configuration for future use.
   
   
   

Logging in

1. Whenever you want to use the VPN software, tap on it it from your home screen.
   (If the Cisco AnyConnect icon isn't visible on your home screen, use All Applications to find it.)
   
2. Under Choose a Connection, select the Urbana VPN entry.
   
3. You'll be prompted to enter the following information.
   • Group: 1_SplitTunnel_Default
     (Note: This is the most common choice. See About VPN Profiles for information about the alternatives, such as Tunnel All for access to library resources.)
   • Username: Your NetID
     (or, if you're a guest, your guest ID)
   • Password: Your Active Directory password
     (or, if you're a guest, your guest password)
   • Tap OK.
4. 
   
   
   
5. 
   
6. If asked whether you trust this app to make a VPN connection, check I trust this application and tap OK.
   
7. 
   
8. When you've connected, the On/Off toggle will show as On and the status will say Connected to Tech Services VPN.
   

At this point, you can return to your Home screen and use your other apps as needed.

Disconnecting

When you're done using the VPN connection, disconnect it.

1. Tap the Cisco AnyConnect app icon.
2. Slide the AnyConnect VPN switch from On to Off.

Troubleshooting and the Statistics and Details screens

Cisco Anyconnect Vpn Setup

The Cisco AnyConnect VPN client gathers information that can help you with troubleshooting speed or connectivity issues. It may be helpful to open the Statistics and/or Details screens while troubleshooting with the Help Desk.

To open the Statistics window:

Cisco Anyconnect Vpn Android

1. Click the app menu icon.
   
2. Click Statistics.
   
   
   

The Details button at the bottom of the Statistics screen provides additional connection information.

More help

For more help, contact the Help Desk.

AnyConnect implements the Samsung Knox VPN framework and is compatible with the Knox VPN SDK. It's recommended to use Knox version 2.2 and above with AnyConnect. All operations from IKnoxVpnService are supported. For detailed description of each operation, please see the IKnoxVpnService documentation published by Samsung.

Knox VPN JSON Profile

As required by the Knox VPN framework, each VPN configuration is created using a JSON object. This object has provides three main sections of the configuration:

1. General attributes - 'profile_attribute'
2. Vendor (AnyConnect) specific attributes - 'vendor'
3. Knox specific profile attributes - 'knox'

Supported profile_attribut Fields

Cisco Anyconnect Vpn Client Download

• profileName - Unique name for the connection entry to appear in the connection list of the AnyConnect home screen and the Description field of the AnyConnect connection entry. We recommend using a maximum of 24 characters to ensure that they fit in the connection list. Use letters, numbers, or symbols on the keyboard displayed on the device when you enter text into a field. The letters are case-sensitive.
  
• vpn_type - The VPN protocol used for this connection. Valid values are:
  • ssl
  • ipsec
• vpn_route_type - Valid values are:
  • 0 – System VPN
  • 1 – Per-app VPN

For more information regarding the common profile attributes, please see the Samsung KNOX Framework Vendor Integration Guide.

AnyConnect specific configuration is specified via 'AnyConnectVPNConnection' key inside inside the 'vendor' section. Sample:

Supported AnyConnectVPNConnection Fields

• host - The domain name, IP address, or Group URL of the ASA with which to connect. AnyConnect inserts the value of this parameter into the Server Address field of the AnyConnect connection entry.
  
• authentication - (optional) Only applies when vpn_type (in profile_attributes) is set to 'ipsec'. Specifies the authentication method used for an IPsec VPN connection Valid values are:
  
  • EAP-AnyConnect (default value)
  • EAP-GTC
  • EAP-MD5
  • EAP-MSCHAPv2
  • IKE-PSK
  • IKE-RSA
  • IKE-ECDSA
• ike-identity - Used only if authentication is set to EAP-GTC, EAP-MD5, or EAP-MSCAPv2. Provides the IKE identity for these authentication methods.
  
• usergroup (optional) The connection profile (tunnel group) to use when connecting to the specified host. If present, used in conjunction with HostAddress to form a Group-based URL. If you specify the Primary Protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). For SSL, the user group is the group-url or group-alias of the connection profile.
  
• certalias (optional)- KeyChain alias of a client certificate that should be imported from Android KeyChain. The user must acknowledge an Android system prompt before the cert could be used by AnyConnect.
  
• ccmcertalias (optional)- TIMA alias of a client certificate that should be imported from the TIMA certificate store. No user action is necessary for AnyConnect to receive the cert. Please note: this certificate must have been explicitly whitelisted for use by AnyConnect (e.g. using the Knox CertificatePolicy API).

Inline VPN Packet App Metadata

Inline app metadata for VPN packets is an exclusive feature available on Samsung Knox devices. It is enabled by MDM and provides AnyConnect with source application context for enforcing routing and filtering policies. It is required for implementing certain per-app VPN filtering policies from the VPN gateway on Android devices. Policies are defined to target specific application id or groups of apps via wildcarding and is matched against the source application id of each outbound packet.

MDM dashboard should provide administrators with an option to enable inline packet metadata. Alternatively, MDM could hardcode this option to always be enabled for AnyConnect, which will make use of it as per headend policy.

For more information on AnyConnect’s per-app VPN policies, please see the section on 'Define a Per App VPN Policy for Android Devices' in the Cisco AnyConnect Secure Mobility Client Administrator Guide.

MDM Configuration

Com.cisco.anyconnect.vpn.android.samsung Apk

To enable inline packet metadata, set 'uidpid_search_enabled' to 1 in the Knox specific attribute for a configuration. Sample: