Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
Known Issues and Limitations
Known Compatibility Issues
Apple iOS Known Issues
We have reported the following iOS issues to Apple. They may be resolved in a future iOS release.
• Network Roaming applies to releases earlier than iOS 8 only. Release iOS 8 and later always operate as if Network Roaming
is ON, attempting to re-establish a connection until it succeeds. See the
for a full description of Network Roaming.
• Apple ID: 22784308 issue - On demand option never connect fails.
• A DTLS packet received while the device is asleep does not awaken it. TLS packets, however, awaken the device if notifications
or Facetime is enabled. AnyConnect automatically disconnects the DTLS tunnel when the device goes to sleep to allow packets
received over the TLS connection to wake the device. The DTLS tunnel is restored when the device resumes.
received over the TLS connection to wake the device. The DTLS tunnel is restored when the device resumes.
• Voice applications running in the background on an iPod Touch cannot receive packets over VPN. This functionality works as
expected on iPhone devices.
• If a VPN configuration contains a large number of routes or split-dns rules, the Apple device cannot establish a VPN connection.
This bug occurs, for example, if, upon connection, an ASA configuration pushes a VPN split-include list that has 70 or more
rules that direct traffic to individual subnets. To prevent this bug, apply a tunnel-all configuration or reduce the number of rules.
rules that direct traffic to individual subnets. To prevent this bug, apply a tunnel-all configuration or reduce the number of rules.
• AnyConnect may become slow or crash when there are a large number of VPN connections configured on the mobile device.
Apple iOS Permits All Local LAN Traffic with Tunnel-all
Apple iOS permits traffic that is essential for the core operation of the device, regardless of whether a tunnel-all policy is in force.
Examples of traffic that Apple iOS sends in the clear regardless of the tunnel policy include:
Examples of traffic that Apple iOS sends in the clear regardless of the tunnel policy include:
• All local LAN traffic
• Scoped routes for preexisting connections (for example, a video being streamed before VPN comes up)
• Core Apple services (for example, Visual Voice mail traffic)
Guidelines and Limitations for AnyConnect on Apple iOS
• Cisco IOS routers do not currently support the Cisco AnyConnect Secure Mobility client for Apple iOS.
• This release of AnyConnect for Apple iOS supports only the features that are strictly related to remote VPN access.
• AnyConnect supports the following types of VPN configurations:
◦Manually generated.
◦AnyConnect VPN client profile imported.
◦iPhone Configuration Utility generated. For details about the iPhone Configuration Utility, see
15