Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
To deploy AnyConnect from an ISE headend and use the ISE Posture module, a Cisco ISE Apex License is required on the ISE
Administration node. For detailed ISE license information, see the Cisco ISE Licenses chapter of the
Administration node. For detailed ISE license information, see the Cisco ISE Licenses chapter of the
.
To deploy AnyConnect from an ASA headend and use the VPN and VPN Posture (HostScan) modules, an AnyConnect 4.X Plus or
Apex license is required, trial licenses are available, see the
Apex license is required, trial licenses are available, see the
For an overview of the AnyConnect 4.X Plus and Apex licenses and a description of which license the features use, see
.
AnyConnect Installation Overview
Deploying AnyConnect refers to installing, configuring, and upgrading the AnyConnect client and its related files. The Cisco
AnyConnect Secure Mobility Client can be deployed to remote users by the following methods:
AnyConnect Secure Mobility Client can be deployed to remote users by the following methods:
• Pre-Deploy—New installations and upgrades are done either by the end user, or by using an enterprise software management
system (SMS).
• Web-Deploy—The AnyConnect package is loaded on the headend, which is either an ASA or ISE server. When the user connects
to an ASA or to ISE, AnyConnect is deployed to the client.
◦For new installations, the user connects to a headend to download the AnyConnect client. The client is either installed
manually, or automatically (web-launch).
◦Updates are done by AnyConnect running on a system where AnyConnect is already installed, or by directing the user to
the ASA clientless portal.
When you deploy AnyConnect, you can include the optional modules that enable extra features, and client profiles that configure the
VPN and other features. Keep in mind the following:
VPN and other features. Keep in mind the following:
• All AnyConnect modules and profiles can be pre-deployed. When pre-deploying, you must pay special attention to the module
installation sequence and other details.
• The Customer Experience Feedback module and the Hostscan package, used by the VPN Posture module, cannot be web-deployed
from the ISE.
• The Compliance Module, used by the ISE Posture module, cannot be web-deployed from the ASA.
For more information about deploying the AnyConnect modules, see the
.
Make sure to update the localization MST files with the latest release from CCO whenever you upgrade
to a new AnyConnect package.
to a new AnyConnect package.
Note
Upgrading from 3.1 MR10 AnyConnect Clients/Incompatibility Issues
Once AnyConnect 3.1.10010 has been automatically deployed to an endpoint, you cannot connect to a secure gateway configured
with AnyConnect versions 4.0, 4.1, 4.1MR2, 4.2, and 4.3 which are incompatible. If you try to upgrade from AnyConnect 3.1 MR10
version to any version other than AnyConnect 4.1MR4 (or later) or 3.1 versions later than 3.1.10010, you will receive a notification
that the upgrade is not allowed.
with AnyConnect versions 4.0, 4.1, 4.1MR2, 4.2, and 4.3 which are incompatible. If you try to upgrade from AnyConnect 3.1 MR10
version to any version other than AnyConnect 4.1MR4 (or later) or 3.1 versions later than 3.1.10010, you will receive a notification
that the upgrade is not allowed.
12