Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
◦Use the services supported by a Cisco IronPort Web Security Appliance. These services let you
enforce acceptable use policies and protect endpoints from websites found to be unsafe, by granting
or denying all HTTP and HTTPS requests.
or denying all HTTP and HTTPS requests.
◦Deploy firewall rules. If you deploy always-on VPN, you might want to enable split tunneling and
configure firewall rules to restrict network access to local printing and tethered mobile devices.
◦Configure dynamic access policies or group policies to exempt qualified VPN users from an
always-on VPN deployment.
◦Configure dynamic access policies to display a message on the AnyConnect GUI when an
AnyConnect session is in quarantine.
ASA Memory Requirements
The minimum flash memory recommended for all ASA 5500 models using AnyConnect 4.0 or later is
512MB. This will allow hosting of multiple endpoint operating systems, and logging and debugging to
be enabled on the ASA.
512MB. This will allow hosting of multiple endpoint operating systems, and logging and debugging to
be enabled on the ASA.
Due to flash size limitations on the ASA 5505 (maximum of 128 MB), not all permutations of the
AnyConnect package will be able to be loaded onto this model. To successfully load AnyConnect, you
will need to reduce the size of your packages (i.e. fewer OSs, no host Scan, etc,) until they fit on the
available flash.
AnyConnect package will be able to be loaded onto this model. To successfully load AnyConnect, you
will need to reduce the size of your packages (i.e. fewer OSs, no host Scan, etc,) until they fit on the
available flash.
Caution
Check for the available space before proceeding with the AnyConnect install or upgrade. You can use one of
the following methods to do so:
the following methods to do so:
• CLI—Enter the show memory command.
asa3# show memory
Free memory:
Free memory:
304701712 bytes (57%)
Used memory:
232169200 bytes (43%)
-------------
----------------
Total memory:
536870912 bytes (100%)
• ASDM—Choose Tools > File Management. The File Management window displays flash space.
If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory),
you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you
have enough space on the flash to hold the package files, the ASA could run out of cache memory when it
unzips and loads the client images. For additional information about the ASA memory requirements and
upgrading ASA memory, see the
you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you
have enough space on the flash to hold the package files, the ASA could run out of cache memory when it
unzips and loads the client images. For additional information about the ASA memory requirements and
upgrading ASA memory, see the
VPN Posture and Hostscan Interoperability
The VPN Posture (HostScan) Module provides the Cisco AnyConnect Secure Mobility Client the ability to
identify the operating system, antivirus, antispyware, and firewall software installed on the host to the ASA.
identify the operating system, antivirus, antispyware, and firewall software installed on the host to the ASA.
The VPN Posture (HostScan) Module requires Cisco Hostscan to gather this information. Cisco Hostscan,
available as its own software package, is periodically updated with new operating system, antivirus, antispyware,
and firewall software information. Cisco recommends that you run the most recent version of HostScan, which
is the same as the version of AnyConnect.
available as its own software package, is periodically updated with new operating system, antivirus, antispyware,
and firewall software information. Cisco recommends that you run the most recent version of HostScan, which
is the same as the version of AnyConnect.
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.3
7
Release Notes for AnyConnect Secure Mobility Client, Release 4.3
ASA Requirements for AnyConnect