Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
• You must use ASA 8.4(1) or later if you want to do the following:
◦Use IKEv2.
◦Use the ASDM to edit non-VPN client profiles (such as Network Access Manager, Web Security, or Telemetry).
◦Use the services supported by a Cisco IronPort Web Security Appliance. These services let you enforce acceptable use
policies and protect endpoints from websites found to be unsafe, by granting or denying all HTTP and HTTPS requests.
◦Deploy firewall rules. If you deploy always-on VPN, you might want to enable split tunneling and configure firewall rules
to restrict network access to local printing and tethered mobile devices.
◦Configure dynamic access policies or group policies to exempt qualified VPN users from an always-on VPN deployment.
◦Configure dynamic access policies to display a message on the AnyConnect GUI when an AnyConnect session is in
quarantine.
ASA Memory Requirements
The minimum flash memory recommended for all ASA 5500 models using AnyConnect 4.0 or later is
512MB. This will allow hosting of multiple endpoint operating systems, and logging and debugging to
be enabled on the ASA.
512MB. This will allow hosting of multiple endpoint operating systems, and logging and debugging to
be enabled on the ASA.
Due to flash size limitations on the ASA 5505 (maximum of 128 MB), not all permutations of the
AnyConnect package will be able to be loaded onto this model. To successfully load AnyConnect, you
will need to reduce the size of your packages (i.e. fewer OSs, no host Scan, etc,) until they fit on the
available flash.
AnyConnect package will be able to be loaded onto this model. To successfully load AnyConnect, you
will need to reduce the size of your packages (i.e. fewer OSs, no host Scan, etc,) until they fit on the
available flash.
Caution
Check for the available space before proceeding with the AnyConnect install or upgrade. You can use one of the following methods
to do so:
to do so:
• CLI—Enter the show memory command.
asa3# show memory
Free memory:
Free memory:
304701712 bytes (57%)
Used memory:
232169200 bytes (43%)
-------------
----------------
Total memory:
536870912 bytes (100%)
• ASDM—Choose Tools > File Management. The File Management window displays flash space.
If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory), you could have problems
storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package
files, the ASA could run out of cache memory when it unzips and loads the client images. For additional information about the ASA
memory requirements and upgrading ASA memory, see the
storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package
files, the ASA could run out of cache memory when it unzips and loads the client images. For additional information about the ASA
memory requirements and upgrading ASA memory, see the
VPN Posture and Hostscan Interoperability
The VPN Posture (HostScan) Module provides the Cisco AnyConnect Secure Mobility Client the ability to identify the operating
system, antivirus, antispyware, and firewall software installed on the host to the ASA.
system, antivirus, antispyware, and firewall software installed on the host to the ASA.
The VPN Posture (HostScan) Module requires Cisco Hostscan to gather this information. Cisco Hostscan, available as its own software
package, is periodically updated with new operating system, antivirus, antispyware, and firewall software information. Cisco
recommends that you run the most recent version of HostScan, which is the same as the version of AnyConnect.
package, is periodically updated with new operating system, antivirus, antispyware, and firewall software information. Cisco
recommends that you run the most recent version of HostScan, which is the same as the version of AnyConnect.
8