AnyConnect Secure Mobility Client Features, Licenses, And OSs . - Cisco
AnyConnect Secure Mobility ClientFeatures, Licenses, and OSs, Release 4.8This document identifies the AnyConnect release 4.8 features, license requirements, and endpoint operatingsystems that AnyConnect features support.Supported Operating SystemsCisco AnyConnect Secure Mobility Client 4.8 supports the following operating systems.Operating SystemVersionWindowsMicrosoft-supported versions of Windows 10 forARM64-based PCs (Supported in VPN client and DARTonly)Current Microsoft supported versions of Windows 10x86(32-bit) and x64(64-bit)Windows 8.1 x86(32-bit) and x64(64-bit)Windows 8 x86(32-bit) and x64(64-bit)Windows 7 SP1 x86(32-bit) and x64(64-bit)macOSmacOS 10.13*, 10.14(64-bit), 10.15(64-bit)LinuxRed Hat 6 and 7 (64-bit)Ubuntu 16.04 (LTS) and 18.04 (LTS) (all 64-bit)*To use AnyConnect with macOS 10.13 (High Sierra), you must follow a manual process to leverageAnyConnect’s complete capabilities. AnyConnect 4.5.02033 has warnings to guide you through thesteps. During AnyConnect installation of 4.5.02033, you see a “System Extension Blocked” messagethat says that if you want to enable this kernel extension, you must open Security and Privacy SystemPreferences. By clicking OK at this message, a window pops up that details what attention is requiredto enable the system extension. The window prompts you to Open Preferences and Allow the Ciscosystem software in the Security & Privacy screen.Note: Cisco no longer supports AnyConnect releases for Windows XP.See the Release Notes for Cisco AnyConnect Secure Mobility Client for OS requirements and support notes. Seethe Supplemental End User Agreement (SEULA) for licensing terms and conditions. See the Cisco AnyConnectOrdering Guide for a breakdown of orderability and the specific terms and conditions of the various licenses.See the Feature Matrix below for license information and operating system limitations that apply to AnyConnectmodules and features.AnyConnect 4.3 (and later) has moved to the Visual Studio (VS) 2015 build environment and requires VSredistributable files for its Network Access Manager module functionality. These files are installed as part of theinstall package. You can use the .msi files to upgrade the Network Access Manager module to 4.3 (or later), butthe AnyConnect Security Mobility Client must be upgraded first and running release 4.3 (or later).Cisco Systems, Inc.www.cisco.com1
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8License OptionsAlso, with the addition of the AnyConnect Umbrella Roaming Security Module, Microsoft .NET 4.0 is required.License OptionsUse of the AnyConnect Secure Mobility Client 4.8 requires that you purchase either an AnyConnect Plus orAnyConnect Apex license. The license(s) required depends on the AnyConnect VPN Client and Secure Mobilityfeatures that you plan to use, and the number of sessions that you want to support. These user-based licensesinclude access to support and software updates to align with general BYOD trends.AnyConnect 4.8 licenses are used with Cisco ASA 5500 Series Adaptive Security Appliances (ASA), IntegratedServices Routers (ISR), Cloud Services Routers (CSR), and Aggregated Services Routers (ASR), as well as othernon-VPN headends such as Identity Services Engine (ISE), Cloud Web Security (CWS), and Web SecurityAppliance (WSA). A consistent model is used regardless of the headend, so there is no impact when headendmigrations occur.One or more of the following AnyConnect licenses may be required for your deployment:LicenseDescriptionAnyConnect PlusSupports basic AnyConnect features such as VPN functionalityfor PC and mobile platforms (AnyConnect and standards-basedIPsec IKEv2 software clients), FIPS, basic endpoint contextcollection, 802.1x Windows supplicant, and web security SSLVPN. Plus licenses are most applicable to environmentspreviously served by the AnyConnect Essentials license andusers of Network Access Manager or Web Security modules.AnyConnect ApexSupports all basic AnyConnect Plus features in addition toadvanced features such as clientless VPN, VPN posture agent,unified posture agent, Next Generation Encryption/Suite B,SAML, all plus services and flex licenses. Apex licenses are mostapplicable to environments previously served by the AnyConnectPremium, Shared, Flex, and Advanced Endpoint Assessmentlicenses.VPN Only (Perpetual)Supports VPN functionality for PC and mobile platforms,clientless (browser-based) VPN termination on ASA, VPN-onlycompliance and posture agent in conjunction with ASA, FIPScompliance, and next-generation encryption (Suite B) withAnyConnect and third-party IKEv2 VPN clients. VPN onlylicenses are most applicable to environments wanting to useAnyConnect exclusively for remote access VPN services but withhigh or unpredictable total user counts. No other AnyConnectfunction or service (such as Web Security module, CiscoUmbrella Roaming, ISE Posture, Network Visibility module, orNetwork Access Manager) is available with this licensee.AnyConnect Plus and Apex LicensesFrom the Cisco Commerce Workspace website, choose the service tier (Apex or Plus) and the length of term (1,3, or 5 year). The number of licenses that are needed is based on the number of unique or authorized users thatwill make use of AnyConnect. AnyConnect 4.7 is not licensed based on simultaneous connections. You can mixApex and Plus licenses in the same environment, and only one license is required for each user.AnyConnect 4.7 licensed customers are also entitled to earlier AnyConnect releases.2
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixFeatures MatrixAnyConnect 4.8 modules and features, with their minimum release requirements, license requirements, andsupported operating systems are listed in the following sections: AnyConnect Deployment and Configuration AnyConnect Core VPN Client— Core Features— Connect and Disconnect Features— Authentication and Encryption Features— Interfaces AnyConnect Network Access Manager * If you are using ISE as a RADIUS server, note the following guideline:— HostScan and Posture Assessment— ISE Posture Customer Experience Feedback— Customer Experience Feedback— Diagnostic and Report Tool (DART) AMP Enabler Network Visibility Module Umbrella Roaming Security ModuleAnyConnect Deployment and equiredWindowsmacOSLinuxDeferred UpgradesASA yesPlusyesyesyesPlusyesyesyesASDM 7.0Windows ServicesLockdownASA 8.0(4)Update Policy,Software and ProfileLockASA 8.0(4)Auto UpdateASA 8.0(4)ASDM 6.4(1)ASDM 6.4(1)ASDM 6.3(1)Web LaunchASA 8.0(4)(32 bit browsers only)ASDM 6.3(1)Pre-deploymentASA 8.0(4)ASDM 6.3(1)3
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features WindowsmacOSLinuxAuto Update ClientProfilesASA 8.0(4)PlusyesyesyesAnyConnect ProfileEditorASA 8.4(1)PlusyesyesyesUser ControllableFeaturesASA 8.0(4)PlusyesyesnoASDM 6.4(1)ASDM 6.4(1)ASDM 6.3(1)4
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixAnyConnect Core VPN ClientCore edWindowsmacOSLinuxSSL (TLS & DTLS),including Per App VPNASA 8.0(4)PlusyesyesyesTLS CompressionASA esyesyesASDM 6.3(1)ASDM 6.3(1)DTLS fallback to TLSASA 8.4.2.8ASDM 6.3(1)IPsec/IKEv2ASA 8.4(1)ASDM 6.4(1)Split tunnelingASA 8.0(x)ASDM 6.3(1)Dynamic SplitTunnelingASA 9.0Plus, Apex, orVPN-onlyyesyesnoEnhanced DynamicSplit TunnelingASA 9.0Plus, Apex, orVPN-onlyyesyesnoSplit DNSASA yesPlusyesyesyesASDM 6.3(1)Ignore Browser ProxyASA 8.3(1)ASDM 6.3(1)Proxy Auto Config(PAC) file generationASA 8.0(4)Internet ExplorerConnections tablockdownASA 8.0(4)Optimal GatewaySelectionASA 8.0(4)Global Site Selector(GSS) compatibilityASA 8.0(4)Local LAN AccessASA 8.0(4)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.4(1)ASDM 6.3(1)Tethered deviceaccess via clientfirewall rules, forsynchronizationASA 8.3(1)Local printer access viaclient firewall rulesASA 8.3(1)ASDM 6.3(1)ASDM 6.3(1)5
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features WindowsmacOSLinuxIPv6ASA 9.0PlusyesyesnoPlusyesyesyesASDM 7.0Further IPv6implementationASA 9.7.1Certificate PinningnodependencyPlus, Apex, orVPN-onlyyesyesyesManagement VPNtunnelASA 9.0ApexyesyesnoASDM 7.7.1ASDM 7.10.16
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixConnect and Disconnect edWindowsmacOSLinuxSimultaneousClientless &AnyConnectconnectionsASA8.0(4)ApexyesyesyesStart Before Logon(SBL)ASA 8.0(4)PlusyesnonoRun script on connect& disconnectASA 8.0(4)PlusyesyesyesMinimize on connectASA noPlusyesyesnoPlusyesyesnoASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)Auto connect on startASA 8.0(4)ASDM 6.3(1)Auto reconnect(disconnect on systemsuspend, reconnect onsystem resume)ASA 8.0(4)Remote User VPNEstablishment(permitted or denied)ASA 8.0(4)Logon Enforcement(terminate VPN sessionif another user logs in)ASA 8.0(4)Retain VPN session(when user logs off,and then when this oranother user logs in)ASA 8.0(4)Trusted NetworkDetection (TND)ASA 8.0(4)Always on (VPN mustbe connected toaccess network)ASA 8.0(4)Always on exemptionvia DAPASA 8.3(1)Connect Failure Policy(Internet accessallowed or disallowed ifVPN connection fails)ASA 8.0(4)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)ASDM 6.3(1)7
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features WindowsmacOSLinuxCaptive PortalDetectionASA 8.0(4)PlusyesyesyesCaptive PortalRemediationASA 8.0(4)PlusyesyesnoEnhanced CaptivePortal RemediationnodependencyPlusyesnonoASDM 6.3(1)ASDM 6.3(1)Authentication and Encryption edWindowsmacOSLinuxCertificate onlyauthenticationASA 8.0(4)PlusyesyesyesRSA SecurID /SoftIDintegrationPlusyesnonoSmartcard supportPlusyesyesnoSCEP (requires PostureModule if Machine ID isused)PlusyesyesnoList & select yesPlusyesyesyesApexyesyesyesSHA-2 for IPsec IKEv2(Digital Signatures,Integrity, & PRF)ASDM 6.3(1)ASA 8.0(4)ASDM 6.4(1)Strong Encryption(AES-256 & 3des-168)NSA Suite-B (IPseconly)ASA 9.0Enable CRL checkn/aApexyesnonoSAML 2.0 SSOASA 9.7.1Apex or VPNonlyyesyesyesASDM 7.0ASDM 7.7.1Enhanced SAML 2.0ASA 9.7.1.24ASA 9.8.2.28ASA 9.9.2.1Apex or ASA 9.7.1Plus, Apex, orVPN onlyyesyesyesASDM 7.7.18
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features seRequiredWindowsmacOSLinuxGUIASA 8.0(4)PlusyesyesyesCommand LineASDM 6.3(1)yesyesyesAPIyesyesyesMicrosoft ComponentObject Module (COM)yesnonoLocalization of UserMessagesyesyesnoCustom MSI transformsyesnonoUser defined resourcefilesyesyesnoyesyesnoClient HelpASA 9.0ASDM 7.09
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixAnyConnect Network Access dWindowsmacOSLinuxCoreASA 8.4(1)PlusyesnonononoASDM 6.4(1)Wired support IEEE802.3yesWireless support IEEE802.11yesPre-logon & SingleSign onAuthenticationyesIEEE 802.1XyesIEEE 802.1AEMACsecyesEAP methodsyesFIPS 140-2 Level 1yesMobile BroadbandsupportASA 8.4(1)yesIPv6ASA 9.0yesNGE and NSA Suite-BASDM 7.0yesTLS 1.2 for VPNconnectivity*n/ayesASDM 7.0* If you are using ISE as a RADIUS server, note the following guideline:ISE started support for TLS 1.2 in release 2.0. Network Access Manager and ISE will negotiate to TLS 1.0 if youhave the AnyConnect 4.7 version with TLS 1.2 and an ISE release prior to 2.0. Therefore, if you upgradeAnyConnect Network Access Manager to 4.7 and use EAP-FAST with ISE 2.0 (or later) for RADIUS servers, youmust upgrade to the 2.4p5 release of ISE.10
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixAnyConnect Secure Mobility ModulesHostScan and Posture iredWindowsmacOSLinuxEndpoint AssessmentASA 8.0(4)ApexyesyesyesEndpoint RemediationASDM ne status &terminate messageASA 8.3(1)HostScan PackageUpdateASA 8.4(1)ASDM 6.3(1)ASDM 6.4(1)Host EmulationDetectionOPSWAT v4ASA 9.9(1)ASDM 7.9(1)ISE SDMReleaseMinimum ISEReleaseLicenseRequiredWindowsmacOSLinuxChange ofAuthorization (CoA)4.0ASA 9.2.12.0PlusyesyesyesISE Posture ProfileEditor4.0n/aApexyesyesyesAC Identity Extensions(ACIDex)4.0n/a2.0PlusyesyesyesISE Posture Module4.0n/a2.0ApexyesyesnoDetection of USBmass storage devices(v4 only)4.3n/a2.1ApexyesnonoOPSWAT v44.3n/a2.1ApexyesyesnoStealth Agent forposture4.4n/a2.2ApexyesyesnoContinuous tionprovisioning anddiscovery4.4n/a2.2ApexyesyesnoApplication kill anduninstall capabilities4.4n/a2.2ApexyesyesnoCisco Temporal Agent4.5n/a2.3ISE ApexyesyesnoASDM 7.2.1ASA 9.2.1ASDM 7.2.111
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features DMReleaseMinimum ISEReleaseLicenseRequiredWindowsmacOSLinuxEnhanced SCCMapproach4.5n/a2.3AC Apexand ISEApexyesnonoPosture policyenhancements foroptional mode4.5n/a2.3AC Apexand ISEApexyesyesnoPeriodic probe intervalin profile editor4.5n/a2.3AC Apexand ISEApexyesyesnoVisibility into hardwareinventory4.5n/a2.3AC Apexand ISEApexyesyesnoGrace period fornoncompliant devices4.6n/a2.4AC Apexand ISEApexyesyesnoPosture rescan4.6n/a2.4AC Apexand ISEApexyesyesnoAnyConnect stealthmode notifications4.6n/a2.4AC Apexand ISEApexyesyesnoDisabling UAC prompt4.6n/a2.4AC Apexand ISEApexyesnonoEnhanced graceperiod4.7n/a2.6AC Apexand ISEApexyesyesnoCustom notificationcontrols and revampof remediationwindows4.7n/a2.6AC Apexand ISEApexyesyesnoWarning!Incompatibility warning: If you are an ISE customer running 2.0 or higher you must read this before proceeding!The ISE RADIUS has supported TLS 1.2 since release 2.0, however there is a defect in the ISE implementation ofEAP-FAST using TLS 1.2 tracked by CSCvm03681. The defect has been fixed in the 2.4p5 release of ISE.If NAM 4.7 is used to authenticate using EAP-FAST with any ISE releases that support TLS 1.2 prior to theabove releases, the authentication will fail and the endpoint will not have access to the network.12
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixWeb edWindowsmacOSLinuxCoreASA 8.4(1)PlusYesyesnoCloud-HostedConfigurationASDM 6.4(1)Secure TrustedNetwork DetectionASA 8.4(1)YesASDM 7.0DynamicConfigurationElementsFail Close / Fail OpenPolicy13
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixAMP EnablerFeatureMinimumASA/ASDMReleaseMinimum ISEReleaseLicenseRequiredWindowsmacOSLinuxAMP enablerASDM 7.4.2ISE 1.4PlusYesYesNoASA 9.4.1Network Visibility ModuleFeatureMinimumASA/ASDMReleaseMinimum ISEReleaseLicenseRequiredWindowsmacOSLinuxNetwork VisibilityModuleASDM 7.5.1no ISEdependencyApexYesYesYesAdjustment to theASDM 7.5.1rate at which data isASA 9.5.1sentno ISEdependencyApexYesYesYesCustomization ofNVM timerno ISEdependencyApexYesYesYesBroadcast andASDM 7.5.1multicast option forASA 9.5.1data collectionno ISEdependencyApexYesYesYesCreation ofanonymizationprofilesASDM 7.5.1no ISEdependencyApexYesYesYesBroader datacollection andanonymization withhashingASDM 7.7.1no ISEdependencyApexYesYesYesSupport for Java as ASDM 7.7.1a containerASA 9.7.1no ISEdependencyApexYesYesYesConfiguration ofASDM 7.7.1cache to customizeASA 9.7.1no ISEdependencyApexYesYesYesPeriodic flowreportingASDM 7.7.1no ISEdependencyApexYesYesYesFlow filtern/ano ISEdependencyApexYesYesYesStandalone NVMn/an/aApexYesYesYesASA 9.5.1ASDM 7.5.1ASA 9.5.1ASA 9.5.1ASA 9.7.1ASA 9.7.114
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixUmbrella Roaming Security ModuleFeatureMinimumASA/ASDMReleaseMinimum ISEReleaseLicenseRequiredWindowsmacOSLinuxUmbrella RoamingSecurity ModuleASDM 7.6.2ISE 2.0Either Plus orApexYesYesNoASA 9.4.1Umbrellalicensing ismandatoryUmbrella SecureWeb Gatewayn/an/aSIG Essentialpackage fromUmbrellaYesYesNoOpenDNS IPv6supportn/an/an/aYesYesNoFor information on Umbrella licensing, eat-enforcement/packages/.Reporting and Troubleshooting ModulesCustomer Experience edWindowsmacOSLinuxCustomer ExperienceFeedbackASA 8.4(1)PlusyesyesnoASDM 7.0Diagnostic and Report Tool (DART)Log cOSLinuxVPNASA 8.0(4)PlusyesyesyesyesnonoyesyesyesyesyesnoASDM 6.3(1)Network AccessManagerPosture AssessmentWeb SecurityASA 8.4(1)ASDM 6.4(1)Apex15
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.8Features MatrixCisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. Toview a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the propertyof their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any othercompany. (1110R)Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phonenumbers. Any examples, command display output, network topology diagrams, and other figures included in the document areshown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional andcoincidental. 2019 Cisco Systems, Inc. All rights reserved.16
Use of the AnyConnect Secure Mobility Client 4.8 requires that you purchase either an AnyConnect Plus or AnyConnect Apex license. The license(s) required depe nds on the AnyConnect VPN Client and Secure Mobility features that you plan to use, and the number of sessions that you want to support. These user-based licenses
4 Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1 Important Security Considerations Step 8 See, "Configuring the ASA to Down load AnyConnect" in Chapter 2, Deploying the AnyConnect Secure Mobility Client in the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1 to install the packages onto an ASA or to deploy AnyConnect using your enterprise .
Mobility Client must be upgraded first and running release 4.3. Also, with the addition of the AnyConnect Umbrella Roaming Security Module, Microsoft .NET 4.0 is required. License Options Use of the AnyConnect Secure Mobility Client 4.3 requires that you purchase either an AnyConnect Plus or AnyConnect Apex license. The license(s) required .
Page 3 of 15 Overview Cisco Secure Client, formerly Cisco AnyConnect Secure Mobility Client, is available for Windows 10 and 11. The user interface will be familiar to current AnyConnect users with some updated branding and iconography. Customers running on macOS and Linux will continue to utilize AnyConnect 4.x until Cisco Secure Client has full
1. Once installed, find the Cisco AnyConnect application from one of two areas: a. In your Launchpad: b. In the Application folder, find the Cisco folder, then click AnyConnect Secure Mobility Client. 2. This will launch the AnyConnect Secure Mobility Client. 1. Type vpn.uic.edu into the space provided. 2. Click Connect.
4. Download Both Anyconnect profile editor (Windows) version 4.2.x AND AnyConnect Web Security Windows installation package version 4.2.x to a new Folder Creating AnyConnect Group 1.
This document describes the packaging structure and ordering information for the Cisco Secure Client (Formerly AnyConnect ). Audience: This guide is for Cisco sales teams, partners, distributors, and customers. Scope: This ordering guide covers the following products: Cisco Secure Client 5 Including AnyConnect Secure Mobility Client 4.x
HOW TO UNINSTALL THE ANYCONNECT CLIENT IN WINDOWS 10 1. Click Start 2. Select Control Panel 3. Select Programs 4. Click Programs and Features 5. Select the "Cisco AnyConnect Secure Mobility Client" by clicking on it, and then click the Uninstall button. 6. If you are not using AnyConnect client for any other VPN connection, you can delete .
USING INQUIRY-BASED APPROACHES IN TRADITIONAL PRACTICAL ACTIVITIES Luca Szalay1, Zoltán Tóth2 1Eötvös LorándUniversity, Faculty of Science, Institute of Chemistry, Pázmány Pétersétány1/A, H-1117 Budapest, Hungary, luca@chem.elte.hu 2University of Debrecen, Faculty of Science and Technology, Department of Inorganic and Analytical Chemistry,, Egyetem tér1., H-4010 Debrecen, Hungary,
