Cisco AnyConnect Secure Mobility Client v3.x Release Notes
Release Notes for Cisco AnyConnect Secure Mobility Client 3.0.x for Android Mobile Devices
Known Issues and Limitations
• We are pleased to report that Android 4.4 (KitKat) bug Google Issue #61948 (AnyConnect users will
experience High Packet Loss over their VPN connection / users will experience timeouts) has been
resolved in Google's release of Android 4.4.1, which Google has begun distributing to some devices
via Software Update. The following problem information is provided for reference:
Due to a bug in Android 4.4 (
also see the
), AnyConnect
users will experience High Packet Loss over their VPN connection. This has been seen on the
Google Nexus 5 running Android 4.4 with AnyConnect ICS+. Users will experience timeouts
when attempting to access certain network resources. Also, in the ASA logs, a syslog message
will appear with text similar to "Transmitting large packet 1420 (threshold 1405)."
Until Google produces a fix for Android 4.4, VPN administrators may temporarily reduce the
maximum segment size for TCP connections on the ASA by configuring the following:
sysopt connection tcpmss <mss size>. The default for this parameter is 1380 bytes; reduce this
value by the difference between the values seen in the ASA logs. In the above example, the
difference is 15 bytes; the value should thus be no more than 1365. Reducing this value will
negatively impact performance for connected VPN users where large packets are transmitted.
• AnyConnect for Android may have connectivity issues when connecting to a mobile network using
the IPv6 transition mechanism known as 464xlat. Known affected devices include the Samsung
Galaxy Note III LTE connecting to the T-Mobile US network. This device defaults to an IPv6 only
mobile network connection. Attempting a connection may result in a loss of mobile connectivity
until the device is rebooted.
To prevent this problem, use the AnyConnect ICS+ app, and change your device settings to obtain
IPv4 network connectivity or connect using a Wi-Fi network.
– For the Samsung Galaxy Note III LTE connecting to the T-Mobile US network, follow the
to set the Access Point Name (APN) on your device, making
sure APN Protocol is set to IPv4.
• The AnyConnect ICS+ package may have issues when a private IP address range within the VPN
overlaps with the range of the outside interface of the client device. When this route overlap occurs,
the user may be able to successfully connect to the VPN but then be unable to actually access
anything. This issue has been seen on cellular networks which use NAT (Network Address
Translation) and assign addresses within the 10.0.0.0 - 10.255.255.255 range, and is due to
AnyConnect having limited control of routes in the Android VPN framework. The vendor specific
Android packages have full routing control and may work better in such a scenario.
• An Asus tablet running Android 4.0 (ICS) may be missing the tun driver. This causes AVF
AnyConnect to fail.
• On a rooted device, in the superuser application preferences, Automatic response must be set to
Prompt. Other settings may cause AnyConnect to hang.
• Due to Android issue
, when pasting text from the clipboard, a space is inserted in front of the
text. In AnyConnect, when copying text such as a one time password, the user has to delete this
erroneous white space.
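For the Android 4.4 packet-loss workaround in the first item above, the MSS calculation can be scripted over collected ASA logs. This is an added example, not part of Cisco's release notes: it goes slightly beyond the single message in the text by taking the largest packet-over-threshold difference across all matching lines. The log lines are constructed samples and the function names are illustrative.

```python
import re

# Message text as quoted in the release note:
#   "Transmitting large packet 1420 (threshold 1405)."
LARGE_PKT = re.compile(r"Transmitting large packet (\d+) \(threshold (\d+)\)")

# Default for "sysopt connection tcpmss", as stated in the release note.
DEFAULT_MSS = 1380


def recommend_tcpmss(log_lines, current_mss=DEFAULT_MSS):
    """Return (worst_overage, recommended_mss) for the given ASA log lines.

    worst_overage is the largest (packet size - threshold) found in any
    matching message; recommended_mss is current_mss minus that amount.
    With no matching message the result is (0, current_mss): no change.
    """
    worst = 0
    for line in log_lines:
        match = LARGE_PKT.search(line)
        if match is None:
            continue  # unrelated syslog message
        packet, threshold = int(match.group(1)), int(match.group(2))
        worst = max(worst, packet - threshold)
    return worst, current_mss - worst


def asa_command(mss):
    """Format the ASA configuration line named in the release note."""
    return f"sysopt connection tcpmss {mss}"


# Constructed sample lines (hypothetical users, documentation-range addresses).
SAMPLE_LOG = [
    "Dec 10 2013 09:14:02: Group <vpn-users> User <alice> IP <203.0.113.25> "
    "Transmitting large packet 1420 (threshold 1405).",
    "Dec 10 2013 09:14:05: Built outbound TCP connection for outside:198.51.100.7/443",
    "Dec 10 2013 09:15:40: Group <vpn-users> User <bob> IP <203.0.113.31> "
    "Transmitting large packet 1412 (threshold 1405).",
]

if __name__ == "__main__":
    overage, mss = recommend_tcpmss(SAMPLE_LOG)
    print(f"largest overage: {overage} bytes")
    print(asa_command(mss))
```
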
Guidelines and Limitations
• Cisco IOS routers do not support the Cisco AnyConnect Secure Mobility client for Android at this
time.
• AnyConnect for Android supports only the features that are strictly related to remote access.
• The ASA does not provide distributions and updates for AnyConnect for Android. They are
available only on Google Play.