
Minimum ASA ver for Anyconnect 4 Licenses

jeliasoncisco
Level 5

Hello,

I am having difficulty finding documentation which explains the minimum ASA firmware version that supports AnyConnect 4 licensing.

We have an ASA5505 which is not end of life yet; however, we want to expand the VPN concurrent logins.

Thank you.

2 Replies

Aditya Ganjoo
Cisco Employee

Hi,

Please check the following link for ordering AnyConnect licenses:

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf

May I know what the exact requirement is for AnyConnect?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Marvin Rhoads
Hall of Fame

The AnyConnect 4.x licenses can be activated even on old ASA 8.2 software.

Various later features require later ASA versions to work. A complete listing can be found in the AC release notes here:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect42/b_Release_Notes_AnyConnect_4_2.html#ID-1454-0000028f

They state:

ASA Release Requirements
  • You must upgrade to ASDM 7.5.1 to use NVM.

  • You must upgrade to ASDM 7.4.2 to use AMP Enabler.

  • You must upgrade to ASA 9.3(2) to use TLS 1.2.

  • You must upgrade to ASA 9.2(1) if you want to use the following features:

    • ISE Posture over VPN

    • ISE Deployment of AnyConnect 4.x

    • Change of Authorization (CoA) on ASA is supported from this version onwards

  • You must upgrade to ASA 9.0 if you want to use the following features:

    • IPv6 support

    • Cisco Next Generation Encryption “Suite-B” security

    • AnyConnect client deferred upgrades

  • You must use ASA 8.4(1) or later if you want to do the following:

    • Use IKEv2.

    • Use the ASDM to edit non-VPN client profiles (such as Network Access Manager, Web Security, or Telemetry).

    • Use the services supported by a Cisco IronPort Web Security Appliance. These services let you enforce acceptable use policies and protect endpoints from websites found to be unsafe, by granting or denying all HTTP and HTTPS requests.

    • Deploy firewall rules. If you deploy always-on VPN, you might want to enable split tunneling and configure firewall rules to restrict network access to local printing and tethered mobile devices.

    • Configure dynamic access policies or group policies to exempt qualified VPN users from an always-on VPN deployment.

    • Configure dynamic access policies to display a message on the AnyConnect GUI when an AnyConnect session is in quarantine.