Cisco Cisco AnyConnect Secure Mobility Client v4.x
If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory), you could have problems
storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package
files, the ASA could run out of cache memory when it unzips and loads the client images. For additional information about the ASA
memory requirements and upgrading ASA memory, see the
storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package
files, the ASA could run out of cache memory when it unzips and loads the client images. For additional information about the ASA
memory requirements and upgrading ASA memory, see the
VPN Posture and Hostscan Interoperability
The VPN Posture (HostScan) Module provides the Cisco AnyConnect Secure Mobility Client the ability to identify the operating
system, antivirus, antispyware, and firewall software installed on the host to the ASA.
system, antivirus, antispyware, and firewall software installed on the host to the ASA.
The VPN Posture (HostScan) Module requires Cisco Hostscan to gather this information. Cisco Hostscan, available as its own software
package, is periodically updated with new operating system, antivirus, antispyware, and firewall software information. Cisco
recommends that you run the most recent version of HostScan, which is the same as the version of AnyConnect.
package, is periodically updated with new operating system, antivirus, antispyware, and firewall software information. Cisco
recommends that you run the most recent version of HostScan, which is the same as the version of AnyConnect.
AnyConnect 4.1.00028 is compatible with Cisco HostScan 4.1.00028 (OPSWAT 3.6.10013.2) or later. If you cannot upgrade
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect 4.0.02052 is compatible with Cisco Hostscan 4.0.02052 (OPSWAT 3.6.10013.2) or later. If you cannot upgrade
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
The
is available on cisco.com. The support charts opens most easily using
a Firefox browser. If you are using Internet Explorer, download the file to your computer and change the file extension from .zip
to .xlsm. You can open the file in Microsoft Excel, Microsoft Excel viewer, or Open Office.
to .xlsm. You can open the file in Microsoft Excel, Microsoft Excel viewer, or Open Office.
AnyConnect will not establish a VPN connection when used with an incompatible version of HostScan. Also,
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
If you upgrade to AnyConnect 4.4, and you want to continue to use Dynamic Access Policies (DAP) and
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
AnyConnect 4.4 and VPN Posture (HostScan) version 4.4 images use the OPSWAT v4 compliance module
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
Note
If you upgrade to ASDM 7.7.1 and use AnyConnect 4.4.x or VPN Posture (HostScan) version 4.4.x as
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
Note
Starting with AnyConnect 4.4 or HostScan 4.4 used as the HostScan image and with ASDM 7.7.1 as the ASDM
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
The Cisco Host Scan package can be pre-deployed or installed on an ASA version 8.4 or later for web-deploy.
7