Articles Tagged ‘AnyConnect’

Demystifying Cisco AnyConnect 4.x Licensing. Plus, Plus Perpetual, Apex & Migration Licenses for Cisco IOS Routers & ASA Firewalls (5500/5500-X Series). Supported Operating Systems & Ordering Guide

In late 2014, Cisco announced the new licensing model for the latest AnyConnect Secure Mobility client v4.x. With this new version, Cisco introduced a number of new features and also simplified the licensing model, which had been somewhat confusing. In this article, we will take a look at the new AnyConnect 4.x licenses, which consist of the AnyConnect Plus license, the AnyConnect Plus Perpetual license and the AnyConnect Apex license.
 
We will also show how the new licenses map to the older AnyConnect Essentials and AnyConnect Premium license, plus the available migration paths. Finally, we also take a look at Cisco’s Software Application Support (SAS) and Software Application Support plus Upgrade (SASU), which are required when purchasing AnyConnect.

All AnyConnect licenses prior to version 4 had the AnyConnect Essentials and Premium licensing scheme. The newer v4.x AnyConnect licenses now have one of the three licensing options:

  • Cisco AnyConnect Plus License (Subscription Based)
  • Cisco AnyConnect Plus Perpetual License (Permanent – no subscription)
  • Cisco AnyConnect Apex License (Subscription Based)

With the new AnyConnect licenses, Cisco has moved to a subscription-based licensing model, which means customers will unfortunately need to fork out more money in the long run. The Plus Perpetual License, on the other hand, allows Cisco customers to purchase a one-time license; however, this license costs significantly more than the subscription-based license.

We should also note that AnyConnect 4.0 is not licensed based on simultaneous connections (like the previous AnyConnect 3.x), but is now user-based. This means a user connecting via his smartphone and laptop simultaneously will only occupy a single license.

Since the newer AnyConnect licenses are subscription-based, according to Cisco, if a subscription expires and is not renewed, the licenses will stop working.
 
Cisco AnyConnect Secure Mobility Client 4.0 supports the following operating systems:

  • Windows 8.1 (32bit & 64Bit)
  • Windows 8 (32bit & 64Bit)
  • Windows 7 (32bit & 64Bit)
  • Linux Ubuntu 12.X 64Bit
  • Linux RedHat 6 64Bit
  • Mac OS X 10.10 – 10.8

As expected, Windows XP is no longer supported.

Let’s take a look at each license feature and how the older AnyConnect Essentials and Premium licenses map to the newer AnyConnect Plus and Apex licenses:

Figure 1. Mapping AnyConnect 3.x Essentials & Premium to AnyConnect 4.x Plus & Apex

 


Cisco AnyConnect Plus License (Equivalent to the old Essentials License) 5, 3 or 1-Year Term

The AnyConnect Plus License is a subscription-based license with the option of a 5, 3 or 1-year renewable subscription and supports the following features:

  • VPN Support for Devices. Includes Workstations and Laptops.
  • Secure Mobility Client support (AnyConnect Mobile). Includes mobile phones, tablets etc.
  • SSL VPN (Client-based)
  • Per-app VPN. Authorize specific applications to access the VPN. Supports specific devices and software.
  • Basic endpoint context collection
  • IEEE 802.1X Windows supplicant
  • Cisco Cloud Web Security agent for Windows & Mac OS X platforms
  • Cloud Web Security and Web Security Appliance support
  • Cisco Advanced Malware Protection for Endpoints Enabler. AMP for Endpoints is licensed separately
  • Network Access Manager
  • Federal Information Processing Standards (FIPS) Compliance

It is worth noting that AnyConnect 3.x required the purchase of Essentials or Premium license + AnyConnect Mobile (L-ASA-AC-M-55xx) in order to support mobile devices (Smartphones, Tablets etc.).  AnyConnect Mobile is now integrated into the new AnyConnect Plus license.

 

Cisco AnyConnect Plus Perpetual (permanent) License

Upgrading - Uploading AnyConnect Secure Mobility Client v4.x SSL VPN on Cisco ASA 5506-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X, 5585-X

This article will show how to download and upload the newer AnyConnect 4.x VPN clients to your Cisco ASA Firewall appliance (5500 & 5500-X Series) and configure WebVPN so that the newer AnyConnect VPN client is used and distributed to the remote VPN clients.

The Cisco AnyConnect SSL VPN has become the VPN standard for Cisco equipment, replacing the older Cisco IPSec VPN Client. With the introduction of the newer 4.x AnyConnect, Cisco has made dramatic changes to their licensing and features supported. Our Cisco AnyConnect 4.x Licensing article explains the differences with the newer 4.x licensing and has all the details to help organizations of any size migrate from 3.x AnyConnect to 4.x. You’ll also find the necessary Cisco ordering codes along with their caveats.

Figure 1. Cisco AnyConnect v4.x

The latest AnyConnect client at the time of writing is version 4.2.02075, which is available for Cisco customers with AnyConnect Plus or Apex licenses. Cisco provides both head-end and standalone installer files. The head-end files (.pkg extension) are deployed on the Cisco ASA Firewall and automatically downloaded by the VPN clients once authenticated via the web browser.

The following is the direct Cisco URL for the AnyConnect download:

https://software.cisco.com/download/navigator.html?mdfid=283000185&flowid=72322

Uploading AnyConnect Secure Mobility Packages to the ASA Firewall

Images can be uploaded to the Cisco ASA Firewall via a standard tftp client using the copy tftp flash: command:

ASA-5506X# copy tftp flash:
Address or name of remote host []? 192.168.10.54
Source filename []? anyconnect-win-4.2.02075-k9.pkg
Destination filename [anyconnect-win-4.2.02075-k9.pkg]? [Hit Enter to keep same filename]
Accessing tftp://192.168.10.54/anyconnect-win-4.2.02075-k9.pkg...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/anyconnect-win-4.2.02075-k9.pkg !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
INFO: No digital signature found
 
19426316 bytes copied in 85.820 secs (228544 bytes/sec)

We repeat the same commands until all 3 files have been uploaded so we can fully support Windows, Linux and Mac OS clients.

Using the dir command at the end of the process confirms all files have been successfully uploaded to our ASA Firewall:
