AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 2.5


Published: August 13, 2010

This document identifies the AnyConnect Release 2.5 features, license requirements, and endpoint OSs that each feature supports. It also shows a progressive chart of the licenses available and the features they support.

AnyConnect requires an AnyConnect Essentials license or an AnyConnect Premium SSL VPN Edition license to specify the maximum number of remote access sessions supported at a time. Either license supports the features in Table 1.

Table 1 Basic Features Supported by AnyConnect Essentials and Premium Licenses

Client Feature
OSs Supported (see footnote 1)

WebLaunch deployment.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Manual (standalone) endpoint installation.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Remote Desktop Protocol (RDP) session to establish an AnyConnect session.

Windows

Datagram Transport Layer Security (DTLS) with SSL access to VPN.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Compression for TLS—Increases the communications performance between the security appliance and the client.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Fallback from DTLS to TLS if DTLS fails.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

PPP exclusion route for AnyConnect over L2TP or PPTP.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Start script on connect and another on disconnect.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Certificate-only authentication.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Machine certificate authentication for standalone mode.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

RSA SecurID integration.

Windows 7, Vista, and XP

RSA SecurID Software Token Client Software 1.1 or later support (single token only).

Windows 7, Vista, and XP

Smartcard support.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Simple Certificate Enrollment Protocol (SCEP) to provision and renew a certificate used for client authentication.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

List valid certificates for users to select to authenticate the VPN session.

Windows 7, Vista, and XP

Certificate store and certificate store override.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Dynamic access policies for multiple group membership and endpoint security.

Note: Requires ASA 8.0(x) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Quarantine—The use of AAA attributes and dynamic access policies to isolate a VPN session.

Note: Requires ASA 8.0(x) or later. Showing quarantine status and terminate user messages requires ASA 8.3(1) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Graphical and CLI user interfaces.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Minimize on connect.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Split tunneling to permit the endpoint to send some traffic in the clear.

Note: Requires ASA 8.0(x) or later.

Windows 7, Vista, and XP

In-the-clear DNS queries with split tunneling enabled.

Windows 7, Vista, and XP

Ignore Proxy—Bypass Internet Explorer proxy configuration on endpoint.

Note: Requires ASA 8.3(1) or later.

Windows 7, Vista, and XP

Mac OS X Safari Proxy.

Note: Requires ASA 8.3(1) or later.

Mac OS X (10.5, 10.6, and 10.7)

Proxy auto-configuration file generation for browser-based (clientless) support.

Windows 7, Vista, and XP

Internet Explorer Connections tab lockdown.

Windows 7, Vista, and XP

IPv6 VPN access—Allows access to IPv6 resources over a public IPv4 connection.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Local LAN access.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Tethered device support (phone synchronization).

Windows 7, Vista, and XP

Local printer access through endpoint firewall rules.

Windows 7, Vista, and XP

Trusted network detection (TND).

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Captive portal (hotspot) detection.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Session resume.

Windows 7, Vista, and XP

Optimal gateway selection.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Start before logon (SBL).

Windows 7, Vista, and XP

Auto connect on start.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Network roaming, also called auto reconnect.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Windows Mobile

Resume session after loss of connectivity.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Auto update AnyConnect.

Note: Requires ASA 8.0(x) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Auto update AnyConnect profile.

Note: Requires ASA 8.0(x) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Logon enforcement to terminate the VPN session if a second user logs onto Windows.

Windows 7, Vista, and XP

Permit or deny a user who is remotely logged onto a PC to use it to establish a VPN session.

Windows 7, Vista, and XP

Specify whether to retain the VPN session if the user logs off Windows, and whether to disconnect the VPN session if a different, local user logs onto Windows.

Windows 7, Vista, and XP

Diagnostic AnyConnect Reporting Tool (DART).

Windows 7, Vista, and XP

Federal Information Processing Standard (FIPS) security.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

1 For Red Hat Enterprise Linux 5 Desktop and Ubuntu 9.x requirements, see the Release Notes for Cisco AnyConnect Secure Mobility Client, Release 2.5.


Table 2 lists the advanced features, network and license requirements, and supported VPN endpoints.

Table 2 Advanced AnyConnect Features

Client Feature
Requirements
OSs Supported

Clientless access lets you use a browser to establish a VPN session and lets specific applications use the browser to access that session.

AnyConnect Premium SSL VPN Edition license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Simultaneous AnyConnect client and clientless connections. Each connection has its own tunnel.

Both of the following:

ASA 8.0(x) or later

AnyConnect Premium SSL VPN Edition license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

SSL VPN support for touch-screen devices running Windows Mobile.

Both of the following:

AnyConnect Mobile license

AnyConnect Essentials or AnyConnect Premium SSL VPN Edition license

Windows Mobile OS touch-screen devices. For the supported device list, see the Release Notes for Cisco AnyConnect Secure Mobility Client, Release 2.5.

Endpoint assessment for laptops and desktops ensures that your choice of antivirus software versions, antispyware versions, associated update definitions, firewall software versions, and corporate property verification checks comply with policies to qualify a session to be granted access to the VPN.

All of the following:

ASA 8.0(x) or later

Cisco Secure Desktop Host Scan

AnyConnect Premium SSL VPN Edition license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Endpoint assessment for Windows Mobile supports the configuration of dynamic access policies that check for the following:

OS version

Device lock

Device policy for secondary storage encryption and password strength

SIM lock

GPS

Application policy

Bluetooth

ARM microprocessor

All of the following:

ASA 8.0(x) or later

Cisco Secure Desktop 3.5 Host Scan

AnyConnect Premium SSL VPN Edition license

Advanced Endpoint Assessment license

Cisco Secure Mobility license

Windows Mobile

Endpoint remediation attempts to resolve endpoint failures to satisfy corporate requirements for antivirus, antispyware, firewall software, and definitions file requirements.

All of the following:

ASA 8.0(x) or later

Cisco Secure Desktop Host Scan

AnyConnect Premium SSL VPN Edition license

Advanced Endpoint Assessment license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Post Log-in Always-on VPN establishes a VPN session automatically after the user logs in to a computer. It includes the following features:

Connect failure policy.

Captive portal hotspot remediation to relax a connect failure closed policy to let the user satisfy hotspot requirements for network access.

Exemption of certain VPN users from an always-on VPN deployment. Note: Requires ASA 8.3(1) to exempt users.

Either of the following:

AnyConnect Premium SSL VPN Edition license

AnyConnect Essentials or AnyConnect Premium SSL VPN Edition license, and Cisco IronPort Web Security license coupled with a Cisco Secure Mobility license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Malware defense, acceptable use policy enforcement, and data leakage prevention for the web.

All of the following:

ASA 8.3(1) or later

WSA 7.0 or later

AnyConnect Essentials or AnyConnect Premium SSL VPN Edition license

Cisco IronPort Web Security license

Cisco Secure Mobility license

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile

Business continuity increases the number of licensed remote access VPN sessions to prepare for temporary spikes in usage during cataclysmic events such as pandemics.

Both of the following:

AnyConnect Premium SSL VPN Edition license

Flex license. Each flex license is ASA-specific and provides support for sixty days. The count can consist of both contiguous and noncontiguous days.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Windows Mobile


Table 3 lists the AnyConnect profile editor, API, and customization options, and the OSs that support them.

Table 3 AnyConnect Administrator Tools and OSs

AnyConnect Tool
OSs Supported

AnyConnect profile editor.

Note: Requires ASDM 6.3(1) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Application Programming Interface (API) to create your own graphical user interface and automate a VPN connection with the AnyConnect client from another application.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Red Hat Enterprise Linux 5 Desktop

Ubuntu 9.x

Microsoft Component Object Model (COM) to permit interaction with other applications.

Windows 7, XP, and Vista

Language Translation (localization) of user messages that appear on the client user interface.

Note: Requires ASA 8.0(x) or later.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)

Extended customization and localization features:

Localized installs using localized MSI transforms (Windows only).

Custom MSI transforms (Windows only).

User-defined resource files.

Third-party GUI/CLI support.

Localization for Mac OS X.

Windows 7, Vista, and XP

Mac OS X (10.5, 10.6, and 10.7)


Table 4 shows which licenses you can combine with the AnyConnect Essentials and AnyConnect Premium SSL VPN Edition licenses.

Table 4 Advanced AnyConnect License Options

Sessions License
License Option
Basic Access
Post Log-in Always-on VPN
Malware Defense, Acceptable Use Policy Enforcement, and Data Leakage Prevention on the Web
Clientless Access
Endpoint Assessment
Endpoint Remediation
Business Continuity

AnyConnect Essentials

(base license)

 

 

 

 

   

Cisco Secure Mobility for AnyConnect Essentials

 

 

 

 

AnyConnect Premium SSL VPN Edition

(base license)

 

   

Cisco Secure Mobility for AnyConnect Premium

 

 

Advanced Endpoint Assessment

 

 

Flex (see footnote 1)

1 A flex license provides business continuity support for malware defense, acceptable use policy enforcement, data leakage prevention on the web, and endpoint remediation features only if those features are licensed.


The following licenses require activation on a Cisco adaptive security appliance (ASA) running 8.0(x) or later:

AnyConnect Essentials license

AnyConnect Premium SSL VPN Edition license

Advanced Endpoint Assessment license

Flex license

You can activate either an AnyConnect Essentials or an AnyConnect Premium SSL VPN Edition license, but you cannot activate both licenses together on the same ASA. Some features require later versions of the ASA, as indicated in Tables 1 and 2.

The Cisco Secure Mobility license requires activation on a Cisco IronPort Web Security Appliance (WSA) running 7.0 or later.

The activation of an AnyConnect Mobile license on the ASA supports mobile access, but does not provide support for the features in this table. It is available as an option with either an AnyConnect Essentials or an AnyConnect Premium SSL VPN Edition license.

Cisco Secure Remote Access: VPN Licensing Overview provides brief descriptions of the AnyConnect license options and example SKUs.

Licensing Information contains a Managing Feature Licenses document for each ASA release. Each one lists the licenses available for each ASA model, and describes how to obtain and activate these licenses.