PDF(645.6 KB) View with Adobe Reader on a variety of devices
Updated:December 7, 2016
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.5
This document identifies the AnyConnect release 4.5 features, license requirements, and endpoint operating systems that AnyConnect features support.
Supported Operating Systems
Cisco AnyConnect Secure Mobility Client 4.5 supports the following operating systems.
Windows 10, 10 RS1, RS2, and RS3 x86(32-bit) and x64(64-bit)
Windows 8.1 x86(32-bit) and x64(64-bit)
Windows 8 x86(32-bit) and x64(64-bit)
Windows 7 SP1 x86(32-bit) and x64(64-bit)
macOS 10.11, 10.12, and 10.13*
Red Hat 6 and 7 (64-bit)
Ubuntu 14.04 (LTS) and 16.04 (LTS) (all 64-bit)
*To use AnyConnect with macOS 10.13 (High Sierra), you must follow a manual process to leverage AnyConnect’s complete capabilities. AnyConnect 4.5.02033 has warnings to guide you through the steps. During AnyConnect installation of 4.5.02033, you see a “System Extension Blocked” message that says that if you want to enable this kernel extension, you must open Security and Privacy System Preferences. By clicking OK at this message, a window pops up that details what attention is required to enable the system extension. The window prompts you to
Open Preferences and
Allow the Cisco system software in the Security & Privacy screen.
AnyConnect releases 4.3.3086 and 4.2.6014 are the minimum required releases for macOS 10.12 support.
Note: Cisco no longer supports AnyConnect releases for Windows XP.
See the Feature Matrix below for license information and operating system limitations that apply to AnyConnect modules and features.
AnyConnect 4.3 (and later) has moved to the Visual Studio (VS) 2015 build environment and requires VS redistributable files for its Network Access Manager module functionality. These files are installed as part of the install package. You can use the.msi files to upgrade the Network Access Manager module to 4.3 (or later), but the AnyConnect Security Mobility Client must be upgraded first and running release 4.3 (or later).
Also, with the addition of the AnyConnect Umbrella Roaming Security Module, Microsoft.NET 4.0 is required.
Use of the AnyConnect Secure Mobility Client 4.5 requires that you purchase either an AnyConnect Plus or AnyConnect Apex license. The license(s) required depends on the AnyConnect VPN Client and Secure Mobility features that you plan to use, and the number of sessions that you want to support. These user-based licenses include access to support and software updates to align with general BYOD trends.
AnyConnect 4.5 licenses are used with Cisco ASA 5500 Series Adaptive Security Appliances (ASA), Integrated Services Routers (ISR), Cloud Services Routers (CSR), and Aggregated Services Routers (ASR), as well as other non-VPN headends such as Identity Services Engine (ISE), Cloud Web Security (CWS), and Web Security Appliance (WSA). A consistent model is used regardless of the headend, so there is no impact when headend migrations occur.
One or more of the following AnyConnect licenses may be required for your deployment:
Supports basic AnyConnect features such as VPN functionality for PC and mobile platforms (AnyConnect and standards-based IPsec IKEv2 software clients), FIPS, basic endpoint context collection, 802.1x Windows supplicant, and web security SSL VPN. Plus licenses are most applicable to environments previously served by the AnyConnect Essentials license and users of Network Access Manager or Web Security modules.
Supports all basic AnyConnect Plus features in addition to advanced features such as clientless VPN, VPN posture agent, unified posture agent, Next Generation Encryption/Suite B, SAML, all plus services and flex licenses. Apex licenses are most applicable to environments previously served by the AnyConnect Premium, Shared, Flex, and Advanced Endpoint Assessment licenses.
VPN Only (Perpetual)
Supports VPN functionality for PC and mobile platforms, clientless (browser-based) VPN termination on ASA, VPN-only compliance and posture agent in conjunction with ASA, FIPS compliance, and next-generation encryption (Suite B) with AnyConnect and third-party IKEv2 VPN clients. VPN only licenses are most applicable to environments wanting to use AnyConnect exclusively for remote access VPN services but with high or unpredictable total user counts. No other AnyConnect function or service (such as Web Security module, Cisco Umbrella Roaming, ISE Posture, Network Visibility module, or Network Access Manager) is available with this licensee.
AnyConnect Plus and Apex Licenses
From the Cisco Commerce Workspace website, choose the service tier (Apex or Plus) and the length of term (1, 3, or 5 year). The number of licenses that are needed is based on the number of unique or authorized users that will make use of AnyConnect. AnyConnect 4.5 is not licensed based on simultaneous connections. You can mix Apex and Plus licenses in the same environment, and only one license is required for each user.
AnyConnect 4.5 licensed customers are also entitled to earlier AnyConnect releases.
AnyConnect 4.5 modules and features, with their minimum release requirements, license requirements, and supported operating systems are listed in the following sections:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.