Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7382
Views
15
Helpful
8
Replies

Anyconnect and ASA code versions

tonypearce1
Level 3
Level 3

‎10-22-2012 06:35 AM - edited ‎02-21-2020 06:25 PM

Is there a compatability matrix of ASA software code to Anyconnect versions?

I would like to know what minimum ASA code is needed for Anyconnect 3.1.

Labels:
0 Helpful
8 Replies 8

Javier Portuguez
Level 9
Level 9

‎10-22-2012 09:33 AM

Hi Tony,

You can install AnyConnect 3.1 on ASA running 8.2 or 8.3. However, you must consider the following:

Important AnyConnect 3.1 and ASA 9.0 Interoperability Considerations

The following AnyConnect features require ASA 9.0 or later, or ASDM 7.0 or later, to be installed on your ASA for them to be effective:

•IPv6 Support for AnyConnect VPN Features

•Next Generation Encryption as it applies to VPN

•Deferred Upgrades

Adaptive Security Appliance Requirements

•You must upgrade to ASA 9.0 if you want to use the following features:

–IPv6 support

–Cisco Next Generation Encryption "Suite-B" security

–AnyConnect client deferred upgrades

•You must use ASA 8.4(1) or later if you want to do the following:

–Use IKEv2.

–Use the ASDM to edit non-VPN client profiles (such as Network Access Manager, Web Security, or Telemetry).

–Use the services supported by a Cisco IronPort Web Security Appliance license. These services let you enforce acceptable use policies and protect endpoints from websites found to be unsafe, by granting or denying all HTTP and HTTPS requests.

–Deploy firewall rules. If you deploy always-on VPN, you might want to enable split tunneling and configure firewall rules to restrict network access to local printing and tethered mobile devices.

–Configure dynamic access policies or group policies to exempt qualified VPN users from an always-on VPN deployment.

–Configure dynamic access policies to display a message on the AnyConnect GUI when an AnyConnect session is in quarantine.

More info here

Hope to help.

Portu.

Please rate any helpful posts

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Javier Portuguez

‎10-22-2012 09:50 AM

Good points all, Portu.

I'd just add that ASA 9.0 isn't released quite yet.

Javier Portuguez
Level 9
Level 9
In response to Marvin Rhoads

‎10-22-2012 10:38 AM

Thanks Marvin (5 stars)

I appreciate the input!

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Javier Portuguez

‎10-22-2012 10:39 AM

You're welcome. 5 back at you!

0 Helpful

Javier Portuguez
Level 9
Level 9
In response to Marvin Rhoads

‎10-22-2012 11:53 AM

Awesome!

Now let's wait for Tony's feedback.

0 Helpful

tonypearce1
Level 3
Level 3

‎10-23-2012 12:56 AM

Thanks to all. So, I can install on ASA 8.2 to support Windows 8, whilst keeping the same functionality as Anyconnect 2.5 (although not gaining any new features). However I also save on cost factos of RAM upgrades to support ASA 8.3+

Thank you,

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tonypearce1

‎10-23-2012 05:15 AM

Yes, you can use Anyconnect 3.1 with ASA 8.2.

You will get some new features (quite a few under the covers, actually) - just not the ones as listed by Portu above.

Javier Portuguez
Level 9
Level 9
In response to Marvin Rhoads

‎10-23-2012 05:53 AM

Good day,

Just adding my two cents, Windows 8 is not yet supported, please check this out:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1053853

It is hope to be supported in a further release of the AnyConnect client.

Hope to help.

Portu.

Please rate any helpful posts

0 Helpful
Customers Also Viewed These Support Documents