AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.0

Available Languages

Download Options

PDF (470.1 KB)
View with Adobe Reader on a variety of devices

Updated:November 6, 2014

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.0

Supported Operating Systems

License Options

AnyConnect Plus and Apex Licenses

Features Matrix

AnyConnect Deployment and Configuration

AnyConnect Core VPN Client

Core Features

Connect and Disconnect Features

Authentication and Encryption Features

Interfaces

AnyConnect Network Access Manager

AnyConnect Secure Mobility Modules

Hostscan and Posture Assessment

ISE Posture

Web Security

Reporting and Troubleshooting Modules

Customer Experience Feedback

Diagnostic and Report Tool (DART)

AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.0

This document identifies the AnyConnect release 4.0 features, license requirements, and endpoint operating systems that AnyConnect features support.

Supported Operating Systems

Cisco AnyConnect Secure Mobility Client 4.0 supports the following operating systems.

Operating System	Version
Windows	Windows 8.1 x86(32-bit) and x64(64-bit)
	Windows 8 x86(32-bit) and x64(64-bit)
	Windows 7 x86(32-bit) and x64(64-bit)
Mac	Mac OS X 10.10
	Mac OS X 10.9
	Mac OS X 10.8
Linux	Red Hat 6 (64-bit)
Linux	Ubuntu 12.x (64-bit)

Note: Cisco no longer supports AnyConnect releases for Windows XP.

See the Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.0 for OS requirements and support notes. See the Supplemental End User Agreement (SEULA) for licensing terms and conditions. See the Cisco AnyConnect Ordering Guide for a breakdown of orderability and the specific terms and conditions of the various licenses.

See the Feature Matrix below for license information and operating system limitations that apply to AnyConnect modules and features.

License Options

Use of the AnyConnect Secure Mobility Client 4.0 requires that you purchase either an AnyConnect Plus or AnyConnect Apex license. The license(s) required depends on the AnyConnect VPN Client and Secure Mobility features that you plan to use, and the number of sessions that you want to support. These user-based licenses include access to support and software updates to align with general BYOD trends.

AnyConnect 4.0 licenses are used with Cisco ASA 5500 Series Adaptive Security Appliances (ASA), Integrated Services Routers (ISR), Cloud Services Routers (CSR), and Aggregated Services Routers (ASR), as well as other non-VPN headends such as Identity Services Engine (ISE), Cloud Web Security (CWS), and Web Security Appliance (WSA). A consistent model is used regardless of the headend, so there is no impact when headend migrations occur.

One or more of the following AnyConnect licenses may be required for your deployment:

License	Description
AnyConnect Plus	Supports basic AnyConnect features such as VPN functionality for PC and mobile platforms (AnyConnect and standards-based IPsec IKEv2 software clients), FIPS, basic endpoint context collection, 802.1x Windows supplicant, and web security SSL VPN. Plus licenses are most applicable to environments previously served by the AnyConnect Essentials license and users of Network Access Manager or Web Security modules.
AnyConnect Apex	Supports all basic AnyConnect Plus features in addition to advanced features such as clientless VPN, VPN posture agent, unified posture agent, Next Generation Encryption/Suite B, all plus services and flex licenses. Apex licenses are most applicable to environments previously served by the AnyConnect Premium, Shared, Flex, and Advanced Endpoint Assessment licenses.

License

Description

AnyConnect Plus

Supports basic AnyConnect features such as VPN functionality for PC and mobile platforms (AnyConnect and standards-based IPsec IKEv2 software clients), FIPS, basic endpoint context collection, 802.1x Windows supplicant, and web security SSL VPN. Plus licenses are most applicable to environments previously served by the AnyConnect Essentials license and users of Network Access Manager or Web Security modules.

AnyConnect Apex

Supports all basic AnyConnect Plus features in addition to advanced features such as clientless VPN, VPN posture agent, unified posture agent, Next Generation Encryption/Suite B, all plus services and flex licenses. Apex licenses are most applicable to environments previously served by the AnyConnect Premium, Shared, Flex, and Advanced Endpoint Assessment licenses.

AnyConnect Plus and Apex Licenses

From the Cisco Commerce Workspace website, choose the service tier (Apex or Plus) and the length of term (1, 3, or 5 year). The number of licenses that are needed is based on the number of unique or authorized users that will make use of AnyConnect. AnyConnect 4.0 is not licensed based on simultaneous connections. You can mix Apex and Plus licenses in the same environment, and only one license is required for each user.

AnyConnect 4.0 licensed customers are also entitled to earlier AnyConnect releases.

Features Matrix

AnyConnect 4.0 modules and features, with their minimum release requirements, license requirements, and supported operating systems are listed in the following sections:

–Core Features

–Connect and Disconnect Features

–Authentication and Encryption Features

–Interfaces

–Hostscan and Posture Assessment

–ISE Posture

Customer Experience Feedback

–Customer Experience Feedback

–Diagnostic and Report Tool (DART)

AnyConnect Deployment and Configuration

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Deferred Upgrades	ASA 9.0 ASDM 7.0	Plus	yes	yes	yes
Windows Services Lockdown	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	no	no
Update Policy, Software and Profile Lock	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	yes	yes
Auto Update	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Web Launch (32 bit browsers only)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Pre-deployment	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Auto Update Client Profiles	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	yes	yes
AnyConnect Profile Editor	ASA 8.4(1) ASDM 6.4(1)	Plus	yes	yes	yes
User Controllable Features	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no

AnyConnect Core VPN Client

Core Features

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
SSL (TLS & DTLS), including Per App VPN	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
TLS Compression	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
DTLS fallback to TLS	ASA 8.4.2.8 ASDM 6.3(1)	Plus	yes	yes	yes
IPsec/IKEv2	ASA 8.4(1) ASDM 6.4(1)	Plus	yes	yes	yes
Split tunneling	ASA 8.0(x) ASDM 6.3(1)	Plus	yes	yes	no
Split DNS	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Ignore Browser Proxy	ASA 8.3(1) ASDM 6.3(1)	Plus	yes	yes	no
Proxy Auto Config (PAC) file generation	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Internet Explorer tab lockdown	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Optimal Gateway Selection	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Global Site Selector (GSS) compatibility	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	yes	yes
Local LAN Access	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Tethered device access via client firewall rules, for synchronization	ASA 8.3(1) ASDM 6.3(1)	Plus	yes	yes	yes
Local printer access via client firewall rules	ASA 8.3(1) ASDM 6.3(1)	Plus	yes	yes	yes
IPv6	ASA 9.0 ASDM 7.0	Plus	yes	yes	no

Connect and Disconnect Features

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Simultaneous Clientless & AnyConnect connections	ASA8.0(4) ASDM 6.3(1)	Apex	yes	yes	yes
Start Before Logon (SBL)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Run script on connect & disconnect	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Minimize on connect	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Auto connect on start	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Auto reconnect (disconnect on system suspend, reconnect on system resume)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Remote User VPN Establishment (permitted or denied)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Logon Enforcement (terminate VPN session if another user logs in)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Retain VPN session (when user logs off, and then when this or another user logs in)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	no	no
Trusted Network Detection (TND)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Always on (VPN must be connected to access network)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Always on exemption via DAP	ASA 8.3(1) ASDM 6.3(1)	Plus	yes	yes	no
Connect Failure Policy (Internet access allowed or disallowed if VPN connection fails)	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Captive Portal Detection	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no
Captive Portal Remediation	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	no

Authentication and Encryption Features

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Certificate only authentication	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
RSA SecurID /SoftID integration		Plus	yes	no	no
Smartcard support		Plus	yes	yes	no
SCEP (requires Posture Module if Machine ID is used)		Plus	yes	yes	no
List & select certificates		Plus	yes	no	no
FIPS		Plus	yes	yes	yes
SHA-2 for IPsec IKEv2 (Digital Signatures, Integrity, & PRF)	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	yes	yes
Strong Encryption (AES-256 & 3des-168)	ASA 8.0(4) ASDM 6.4(1)	Plus	yes	yes	yes
NSA Suite-B (IPsec only)	ASA 9.0 ASDM 7.0	Apex	yes	yes	yes

Interfaces

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
GUI	ASA 8.0(4) ASDM 6.3(1)	Plus	yes	yes	yes
Command Line			yes	yes	yes
API			yes	yes	yes
Microsoft Component Object Module (COM)			yes	no	no
Localization of User Messages			yes	yes	no
Custom MSI transforms			yes	no	no
User defined resource files			yes	yes	no
Client Help	ASA 9.0 ASDM 7.0		yes	yes	yes

AnyConnect Network Access Manager

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Core	ASA 8.4(1) ASDM 6.4(1)	Plus	yes	no	no
Wired support IEEE 802.3			yes
Wireless support IEEE 802.11			yes
Pre-logon & Single Sign on Authentication			yes
IEEE 802.1X			yes
IEEE 802.1AE MACsec			yes
EAP methods			yes
FIPS 140-2 Level 1			yes
Mobile Broadband support	ASA 8.4(1) ASDM 7.0		yes
IPv6	ASA 9.0 ASDM 7.0		yes
NGE and NSA Suite-B	ASA 9.0 ASDM 7.0		yes

AnyConnect Secure Mobility Modules

Hostscan and Posture Assessment

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Endpoint Assessment	ASA 8.0(4) ASDM 6.3(1)	Apex	yes	yes	yes
Endpoint Remediation		Apex	yes	yes	yes
Quarantine		Apex	yes	yes	yes
Quarantine status & terminate message	ASA 8.3(1) ASDM 6.3(1)	Apex	yes	yes	yes
Hostscan Package Update	ASA 8.4(1) ASDM 6.4(1)	Apex	yes	yes	yes
Host Emulation Detection	ASA 8.4(1) ASDM 6.4(1)	Apex	yes	no	no

ISE Posture

Feature	Minimum AnyConnect Release	Minimum ASA/ASDM Release	Minimum ISE Release	License Required	Windows	Mac	Linux
Change of Authorization (CoA)	4.0	ASA 9.2.1 ASDM 7.2.1	1.4	Plus	yes	yes	yes
ISE Posture Profile Editor	4.0	ASA 9.2.1 ASDM 7.2.1	n/a	Apex	yes	yes	yes
AC Identity Extensions (ACIDex)	4.0	n/a	1.4	Plus	yes	yes	yes
ISE Posture Module	4.0	n/a	1.4	Apex	yes	yes	no

Web Security

Feature	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
Core	ASA 8.4(1) ASDM 6.4(1)	Plus	Yes Yes	yes	no
Cloud-Hosted Configuration	ASA 8.4(1) ASDM 6.4(1)
Secure Trusted Network Detection	ASA 8.4(1) ASDM 7.0
Dynamic Configuration Elements
Fail Close / Fail Open Policy

Reporting and Troubleshooting Modules

Customer Experience Feedback

Feature

Minimum ASA/ASDM Release

License Required

Windows

Mac

Linux

Customer Experience Feedback

ASA 8.4(1)

ASDM 7.0

Plus

yes

Diagnostic and Report Tool (DART)

Log Type	Minimum ASA/ASDM Release	License Required	Windows	Mac	Linux
VPN	ASA 8.0(4) ASDM 6.3(1)	Plus Apex	yes	yes	yes
Network Access Manager	ASA 8.4(1) ASDM 6.4(1)		yes	no	no
Posture Assessment			yes	yes	yes
Web Security			yes	yes	no

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

AnyConnect Secure Mobility Client v4.x

AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.0

Available Languages

Download Options

Bias-Free Language

Table of Contents

AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.0

Supported Operating Systems

License Options

AnyConnect Plus and Apex Licenses

Features Matrix

AnyConnect Deployment and Configuration

AnyConnect Core VPN Client

Core Features

Connect and Disconnect Features

Authentication and Encryption Features

Interfaces

AnyConnect Network Access Manager

AnyConnect Secure Mobility Modules

Hostscan and Posture Assessment

ISE Posture

Web Security

Reporting and Troubleshooting Modules

Customer Experience Feedback

Diagnostic and Report Tool (DART)

© 2014 Cisco Systems, Inc. All rights reserved.

Was this Document Helpful?

Contact Cisco

This Document Applies to These Products