AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 3.0
Published: August 3, 2012
This document identifies the AnyConnect Release 3.0 features, license requirements, and endpoint OSs each feature supports.
The Cisco Secure Remote Access: VPN Licensing Overview provides brief descriptions of the AnyConnect license options and example SKUs. Use that resource for a simple description of each license offering.
An AnyConnect Essentials or AnyConnect Premium SSL VPN Edition license requires activation on a Cisco adaptive security appliance (ASA) running 8.0(x) or later. An AnyConnect Secure Mobility license requires activation on a Cisco IronPort Web Security Appliance (WSA) running 7.0 or later.
Table 1 lists the basic features supported by an AnyConnect Essentials license, and the VPN endpoint OSs the features support. An AnyConnect Premium SSL VPN Edition license also supports the basic features. You can activate either license, but you cannot activate both licenses together.
Table 1 Basic Features Supported by AnyConnect Essentials and Premium Licenses
Client Feature | OSs Supported (1)
WebLaunch deployment.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Manual (standalone) endpoint installation.
Windows 7, Vista, and XP
Remote Desktop Protocol (RDP) session to establish an AnyConnect session.
Windows
Datagram Transport Layer Security (DTLS) with SSL access to VPN.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Compression for TLS—Increases the communications performance between the security appliance and the client.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Fallback from DTLS to TLS if DTLS fails.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
PPP exclusion route for AnyConnect over L2TP or PPTP.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Start script on connect and another on disconnect.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Certificate-only authentication.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Machine certificate authentication for standalone mode.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
RSA SecurID integration.
Windows 7, Vista, and XP
RSA SecurID Software Token Client Software 1.1 or later support (single token only).
Windows 7, Vista, and XP
Smartcard support.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Simple Certificate Enrollment Protocol (SCEP) to provision and renew a certificate used for client authentication.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Windows Mobile
List valid certificates for users to select to authenticate the VPN session.
Windows 7, Vista, and XP
Certificate store and certificate store override.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Dynamic access policies for multiple group membership and endpoint security.
Note: Requires ASA 8.0(x) or later.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Quarantine—The use of AAA attributes and dynamic access policies to isolate a VPN session.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Graphical and CLI user interfaces.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Minimize on connect.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Windows Mobile
Split tunneling to permit the endpoint to send some traffic in the clear.
Note: Requires ASA 8.0(x) or later.
Windows 7, Vista, and XP
In-the-clear DNS queries with split tunneling enabled.
Windows 7, Vista, and XP
Ignore Proxy—Bypass Internet Explorer proxy configuration on endpoint.
Note: Requires ASA 8.3(1) or later.
Windows 7, Vista, and XP
Mac OS Safari Proxy.
Note: Requires ASA 8.3(1) or later.
Mac OS 10.5, 10.6 and 10.7
Proxy auto-configuration file generation for browser-based support.
Windows 7, Vista, and XP
Internet Explorer Connections tab lockdown.
Windows 7, Vista, and XP
IPv6 VPN access—Allows access to IPv6 resources over a public IPv4 connection.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Local LAN access.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Tethered device access (phone synchronization) via client firewall rules.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Local printer access via client firewall rules.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Trusted network detection (TND).
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Captive portal (hotspot) detection.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Session resume.
Windows 7, Vista, and XP
Optimal gateway selection.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Start before logon (SBL).
Windows 7, Vista, and XP
Auto connect on start.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Windows Mobile
Auto reconnect.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Resume session after loss of connectivity.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Auto update AnyConnect.
Note: Requires ASA 8.0(x) or later.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Auto update AnyConnect profile.
Note: Requires ASA 8.0(x) or later.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Logon enforcement to terminate the VPN session if a second user logs onto Windows.
Windows 7, Vista, and XP
Permit or deny a user who is remotely logged onto a PC to use it to establish a VPN session.
Windows 7, Vista, and XP
Retain the VPN session if the user logs off Windows, and specify whether to disconnect the VPN session if a different, local user logs onto Windows.
Windows 7, Vista, and XP
Diagnostic AnyConnect Reporting Tool (DART).
Windows 7, Vista, and XP
Federal Information Processing Standard (FIPS) security.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
1 For Red Hat Enterprise Linux 5 Desktop and Ubuntu 9.x requirements, see the Release Notes for Cisco AnyConnect Secure Mobility Client, Release 2.3.
Table 2 lists the advanced features, network and license requirements, and supported VPN endpoints.
Table 2 Advanced AnyConnect Features
Client Feature | Requirements | OSs Supported
Browser-based (clientless) VPN access.
AnyConnect Premium SSL VPN Edition license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Simultaneous AnyConnect client and browser-based (client) connections. Each connection has its own tunnel.
Both of the following:
• ASA 8.0(x) or later
• AnyConnect Premium SSL VPN Edition license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
SSL VPN support for touch-screen devices running Windows Mobile.
Both of the following:
• AnyConnect Mobile license
• AnyConnect Essentials or Premium license
Windows Mobile OS touch-screen devices. For the supported device list, see the Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.0.
Endpoint assessment.
All of the following:
• ASA 8.0(x) or later
• Cisco Secure Desktop Host Scan
• AnyConnect Premium SSL VPN Edition license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Endpoint remediation.
All of the following:
• ASA 8.0(x) or later
• Cisco Secure Desktop Host Scan
• AnyConnect Premium SSL VPN Edition license
• Advanced Endpoint Assessment license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Post log-in always-on VPN and the following associated features:
• Connect failure policy.
• Captive portal hotspot remediation to relax a connect failure closed policy to let the user satisfy hotspot requirements for network access.
• Exempt certain VPN users from an always-on VPN deployment. Note: Requires ASA 8.3(1) to exempt users.
Either of the following:
• AnyConnect Premium SSL VPN Edition license
• AnyConnect Essentials or Premium license, and Cisco IronPort Web Security license coupled with a Secure Mobility license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Web security—Enforces acceptable use policies to protect endpoints from websites found to be unsafe. This feature also uses SSO to automate user access to the WSA, and supports the generation of remote user access reports.
All of the following:
• ASA 8.3(1) or later
• WSA 7.0 or later
• AnyConnect Essentials or Premium license
• Cisco IronPort Web Security license
• Secure Mobility license
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Red Hat Enterprise Linux 5 Desktop
Ubuntu 9.x
Windows Mobile
Quarantine.
All of the following:
• ASA 8.0(x) or later. Note: Showing quarantine status and terminate messages requires ASA 8.3(1) or later.
• AnyConnect Premium SSL VPN Edition license.
Windows 7, Vista, and XP
Mac OS 10.5, 10.6 and 10.7
Table 3 lists the AnyConnect Profile editor API, and customization options; and the supporting OSs.
© 2010 Cisco Systems, Inc. All rights reserved.