Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
The
is available on cisco.com. The support charts
opens most easily using a Firefox browser. If you are using Internet Explorer, download the file to your
computer and change the file extension from .zip to .xlsm. You can open the file in Microsoft Excel,
Microsoft Excel viewer, or Open Office.
computer and change the file extension from .zip to .xlsm. You can open the file in Microsoft Excel,
Microsoft Excel viewer, or Open Office.
AnyConnect will not establish a VPN connection when used with an incompatible version of HostScan. Also,
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
If you upgrade to AnyConnect 4.4, and you want to continue to use Dynamic Access Policies (DAP) and
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
AnyConnect 4.4 and VPN Posture (HostScan) version 4.4 images use the OPSWAT v4 compliance module
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
Note
If you upgrade to ASDM 7.7.1 and use AnyConnect 4.4.x or VPN Posture (HostScan) version 4.4.x as
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
Note
Starting with AnyConnect 4.4 or HostScan 4.4 used as the HostScan image and with ASDM 7.7.1 as the ASDM
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
The Cisco Host Scan package can be pre-deployed or installed on an ASA version 8.4 or later for web-deploy.
ISE Posture Compliance Module
The ISE Posture compliance module contains the list of supported antivirus, antispyware, and firewall for
ISE posture. While the HostScan list organized by vendor, the ISE posture list organizes by product type.
When the version number on the headend (ISE or ASA) is greater than the version on the endpoint, the
OPSWAT gets updated. These upgrades are mandatory and happen automatically without end user intervention.
ISE posture. While the HostScan list organized by vendor, the ISE posture list organizes by product type.
When the version number on the headend (ISE or ASA) is greater than the version on the endpoint, the
OPSWAT gets updated. These upgrades are mandatory and happen automatically without end user intervention.
The individual files within the library (a zip file) are digitally signed by OPSWAT, Inc., and the library itself
is packaged as a single, self-extracting executable which is code signed by a Cisco certificate. You can view
the charts using Microsoft Excel, Microsoft Excel Viewer, or OpenOffice at this location: .
is packaged as a single, self-extracting executable which is code signed by a Cisco certificate. You can view
the charts using Microsoft Excel, Microsoft Excel Viewer, or OpenOffice at this location: .
IOS Support of AnyConnect
Cisco supports AnyConnect VPN access to IOS Release 15.1(2)T functioning as the secure gateway; however,
IOS Release 15.1(2)T does not currently support the following AnyConnect features:
IOS Release 15.1(2)T does not currently support the following AnyConnect features:
• Post Log-in Always-on VPN
• Connect Failure Policy
• Client Firewall providing Local Printer and Tethered Device access
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.3
8
Release Notes for AnyConnect Secure Mobility Client, Release 4.3
IOS Support of AnyConnect