Cisco AnyConnect Secure Mobility Client Features, Minimum Release Requirements, License Requirements, and Supported Operating Systems

Document

Wed, 03/15/2017 - 11:00
Mar 14th, 2017
User Badges:

Cisco Support Community

Article ID: 5451

Objective

The Cisco AnyConnect Secure Mobility Client, also known as the Cisco AnyConnect VPN Client, is a software application for connecting to a Virtual Private Network (VPN) that works on various operating systems and hardware configurations. This software application makes it possible for remote resources of another network become accessible as if the user is directly connected to the network, but in a secure way. Cisco AnyConnect Secure Mobility Client provides an innovative new way to protect mobile users on computer-based or smart-phone platforms, providing a more seamless, always-protected experience for end users and comprehensive policy enforcement for an IT administrator.

One or more of the following AnyConnect licenses may be required for your deployment:

  • AnyConnect Plus — Supports basic AnyConnect features such as VPN functionality for PC and mobile platforms (AnyConnect and standards-based IPsec Internet Key Exchange version 2 (IKEv2) software clients), Federal Information Processing Standard (FIPS), basic endpoint context collection, 802.1x Windows supplicant, and web security Secure Sockets Layer (SSL) VPN. Plus licenses are most applicable to environments previously served by the AnyConnect Essentials license and users of Cisco Identity Services Engine (ISE) posture, Network Access Manager, or Web Security modules.
  • AnyConnect Apex — Supports all basic AnyConnect Plus features in addition to advanced features such as clientless VPN, VPN posture agent, unified posture agent, Next Generation Encryption or Suite B, Security Assertion Markup Language (SAML), all plus services and flex licenses. Apex licenses are most applicable to environments previously served by the AnyConnect Premium, Shared, Flex, and Advanced Endpoint Assessment licenses.
  • VPN Only (Perpetual) — Supports VPN functionality for PC and mobile platforms, clientless (browser-based) VPN termination on Adaptive Security Appliance (ASA), VPN-only compliance and posture agent in conjunction with ASA, FIPS compliance, and next-generation encryption (Suite B) with AnyConnect and third-party IKEv2 VPN clients. VPN only licenses are most applicable to environments wanting to use AnyConnect exclusively for remote access VPN services but with high or unpredictable total user counts. No other AnyConnect function or service (such as Web Security module, Cisco Umbrella Roaming, ISE Posture, Network Visibility module, or Network Access Manager) is available with this licensee.

The objective of this document is to show you the Features matrix of the Cisco AnyConnect Secure Mobility Client and the minimum release requirements, license requirements, and supported operating systems.

Software Version

  • 4.4

Features Matrix

AnyConnect Deployment and Configuration

AnyConnect Core VPN Client

Core Features

Connect and Disconnect Features

Authentication and Encryption Features

Interfaces

AnyConnect Deployment and Configuration

Feature

Minimum ASA or ASDM Release

License Required

Windows

Mac

Linux

Deferred Upgrades

ASA 9.0

ASDM 7.0

Plus

yes

yes

yes

Windows Services Lockdown

ASA 8.0 (4)

ASDM 6.4 (1)

Plus

yes

no

no

Update Policy, Software and Profile Lock

ASA 8.0 (4)

ASDM 6.4 (1)

Plus

yes

yes

yes

Auto Update

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Web Launch

(32-bit browsers only)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Pre-deployment

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Auto Update Client Profiles

ASA 8.0 (4)

ASDM 6.4 (1)

Plus

yes

yes

yes

AnyConnect Profile Editor

ASA 8.4 (1)

ASDM 6.4 (1)

Plus

yes

yes

yes

User Controllable Features

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

AnyConnect Core VPN Client

Core Features

Feature

Minimum ASA or ASDM Release

License Required

Windows

Mac

Linux

SSL Transport Layer Security (TLS & Datagram TLS), including Per App VPN

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

TLS Compression

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

DTLS fallback to TLS

ASA 8.4.2.8

ASDM 6.3 (1)

Plus

yes

yes

yes

IPsec/IKEv2

ASA 8.4 (1)

ASDM 6.4 (1)

Plus

yes

yes

yes

Split tunneling

ASA 8.0 (x)

ASDM 6.3 (1)

Plus

yes

yes

no

Split Domain Name System (DNS)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Ignore Browser Proxy

ASA 8.3 (1)

ASDM 6.3 (1)

Plus

yes

yes

no

Proxy Auto Config (PAC) file generation

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Internet Explorer tab lockdown

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Optimal Gateway Selection

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Global Site Selector (GSS) compatibility

ASA 8.0 (4)

ASDM 6.4 (1)

Plus

yes

yes

yes

Local LAN Access

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Tethered device access via client firewall rules, for synchronization

ASA 8.3 (1)

ASDM 6.3 (1)

Plus

yes

yes

yes

Local printer access via client firewall rules

ASA 8.3 (1)

ASDM 6.3 (1)

Plus

yes

yes

yes

IPv6

ASA 9.0

ASDM 7.0

Plus

yes

yes

no

Further IPv6 implementation

ASA 9.7.1

ASDM 7.7.1

Plus

yes

yes

yes

Connect and Disconnect Features

Feature

Minimum ASA or ASDM Release

License Required

Windows

Mac

Linux

Simultaneous Clientless & AnyConnect connections

ASA8.0 (4)

ASDM 6.3 (1)

Apex

yes

yes

yes

Start Before Logon (SBL)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Run script on connect & disconnect

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Minimize on connect

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Auto connect on start

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Auto reconnect (disconnect on system suspend, reconnect on system resume)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Remote User VPN Establishment (permitted or denied)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Logon Enforcement (terminate VPN session if another user logs in)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Retain VPN session (when user logs off, and then when this or another user logs in)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

no

no

Trusted Network Detection (TND)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Always on (VPN must be connected to access network)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Always on exemption via Directory Access Protocol

(DAP)

ASA 8.3 (1)

ASDM 6.3 (1)

Plus

yes

yes

no

Connect Failure Policy (Internet access allowed or disallowed if VPN connection fails)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Captive Portal Detection

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

Captive Portal Remediation

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

no

 

Authentication and Encryption Features

Feature

Minimum ASA or ASDM Release

License Required

Windows

Mac

Linux

Certificate only authentication

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

RSA SecurID /SoftID integration

Plus

yes

no

no

Smartcard support

Plus

yes

yes

no

Simple Certificate Enrollment Protocol

(SCEP) (requires Posture Module if Machine ID is used)

Plus

yes

yes

no

List & select certificates

Plus

yes

no

no

FIPS

Plus

yes

yes

yes

Secure Hash Algorithm 

(SHA)-2 for IPsec IKEv2 (Digital Signatures, Integrity, & PRF)

ASA 8.0 (4)

ASDM 6.4 (1)

Plus

yes

yes

yes

Strong Encryption Advanced Encryption Standard (AES-256 & 3des-168)

 

Plus

yes

yes

yes

Network Security Appliance (NSA) Suite-B (IPsec only)

ASA 9.0

ASDM 7.0

Apex

yes

yes

yes

Enable Certificate Revocation List

(CRL) check

n/a

Apex

yes

no

no

SAML 2.0 SSO

ASA 9.7.1

ASDM 7.7.1

Apex or VPN only

yes

yes

yes

Multiple-certificate authentication

ASA 9.7.1

ASDM 7.7.1

Plus, Apex, or VPN only

yes

yes

yes

Interfaces

Feature

Minimum ASA or ASDM Release

License Required

Windows

Mac

Linux

Graphical User Interface (GUI)

ASA 8.0 (4)

ASDM 6.3 (1)

Plus

yes

yes

yes

Command Line

yes

yes

yes

Application Programming Interface

yes

yes

yes

Microsoft Component Object Module (COM)

yes

no

no

Localization of User Messages

yes

yes

no

Custom MSI transforms

yes

no

no

User defined resource files

yes

yes

no

Client Help

ASA 9.0

ASDM 7.0

yes

yes

yes

 

Loading.

Actions

This Document