Skip to main content
Cisco Meraki

AnyConnect on ASA vs. MX

    AnyConnect Specific Features

    AnyConnect is more than just a VPN client. It is a fully-fledged end-point mobility client solution. However, unlike the AnyConnect implementation on the ASA or FirePOWER with support for multiple features like Host scan, Web launch, etc, the MX security appliance supports SSL Core VPN and other AnyConnect modules that do not require additional configuration on the MX. For more details see the table below. As AnyConnect progresses into public beta, we will continue to implement other AnyConnect features that align closely with our customer's needs.
     

    AnyConnect configuration guide

    AnyConnect Core VPN Client

    Core Features

    Feature

    Minimum ASA/ASDM Release

    Meraki MX
    wired 16.2+

    License Required

    Windows

    Mac

    Linux

    SSL (TLS & DTLS), including per-app VPN

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, TLS/DTLS.
    No, per-app VPN

    Plus

    Yes

    Yes

    Yes

    TLS compression

    ASA 8.0(4)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    Yes

    DTLS fallback to TLS

    ASA 8.4.2.8

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    IPsec/IKEv2

    ASA 8.4(1)

    ASDM 6.4(1)

    No

    Plus

    Yes

    Yes

    Yes

    Split tunneling

    ASA 8.0(x)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Dynamic split tunneling

    ASA 9.0

    No

    Plus, Apex, or VPN-only

    Yes

    Yes

    No

    Enhanced dynamic split tunneling

    ASA 9.0

    No

    Plus, Apex, or VPN-only

    Yes

    Yes

    No

    Split DNS

    ASA 8.0(4)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    No

    Ignore browser proxy

    ASA 8.3(1)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    Yes

    No

    Proxy auto config (PAC) file generation

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    No

    No

    Internet Explorer connections tab lockdown

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    No

    No

    Optimal gateway selection

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    Yes

    No

    Local LAN access

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Tethered device access via client firewall rules, for synchronization

    ASA 8.3(1)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    Yes

    Local printer access via client firewall rules

    ASA 8.3(1)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    Yes

    IPv6

    ASA 9.0

    ASDM 7.0

    No

    Plus

    Yes

    Yes

    No

    Further IPv6 implementation

    ASA 9.7.1

    ASDM 7.7.1

    No

    Plus

    Yes

    Yes

    Yes

    Certificate pinning

    No dependency

    Yes, in profile

    Plus, Apex, or VPN-only

    Yes

    Yes

    Yes

    Management VPN tunnel

    ASA 9.0

    ASDM 7.10.1

    No

    Apex

    Yes

    No

    No


    AnyConnect Deployment and Configuration

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Deferred upgrades

    ASA 9.0

    ASDM 7.0

    No

    Plus

    Yes

    Yes

    Yes

    Windows services lockdown

    ASA 8.0(4)

    ASDM 6.4(1)

    N/A

    Plus

    Yes

    No

    No

    Update policy, software, and profile lock

    ASA 8.0(4)

    ASDM 6.4(1)

    Yes, in profile

    Plus

    Yes

    Yes

    Yes

    Auto-update

    ASA 8.0(4)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    Yes

    Web launch

    (32-bit browsers only)

    ASA 8.0(4)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    Yes

    Predeployment

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Auto-update client profiles

    ASA 8.0(4)

    ASDM 6.4(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    AnyConnect profile editor

    ASA 8.4(1)

    ASDM 6.4(1)

    No

    Plus

    Yes

    Yes

    Yes

    User-controllable features

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    Yes

    No


    Connect and Disconnect Features

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Simultaneous clientless & AnyConnect connections

    ASA8.0(4)

    ASDM 6.3(1)

    No

    Apex

    Yes

    Yes

    Yes

    Start before log on (SBL)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    No

    No

    Run script on connect and disconnect

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Minimize on connect

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Auto connect on start

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Auto reconnect (disconnect on system suspend, reconnect on system resume)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    No

    Remote user VPN establishment (permitted or denied)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    No

    No

    Log-in enforcement (terminate VPN session if another user logs in)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    No

    No

    Retain VPN session (when user logs off, and then when this or another user logs in)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    No

    No

    Trusted network detection (TND)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    Yes

    Yes

    Always-on (VPN must be connected to access network)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    No

    Always-on exemption via DAP

    ASA 8.3(1)

    ASDM 6.3(1)

    No

    Plus

    Yes

    Yes

    No

    Connect failure policy (internet access allowed or disallowed if VPN connection fails)

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    No

    Captive portal detection

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Yes

    Yes

    Yes

    Captive portal remediation

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes, in profile

    Plus

    Yes

    Yes

    No

    Enhanced captive portal remediation

    No dependency

    Yes, in profile

    Plus

    Yes

    No

    No


    Authentication and Encryption Features

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Certificate-only authentication

    ASA 8.0(4)

    ASDM 6.3(1)

    No




    No
     

     

    No
     



    No



     


    Yes

     


    No

    Plus

    Yes

    Yes

    Yes

    RSA SecurID/SoftID integration

    Plus

    Yes

    No

    No

    Smartcard support

    Plus

    Yes

    Yes

    No

    SCEP (requires posture module if machine ID is used)

    Plus

    Yes

    Yes

    No

    List and select certificates

    Plus

    Yes

    No

    No

    FIPS

    Plus

    Yes

    Yes

    Yes

    SHA-2 for IPsec IKEv2 (digital signatures, integrity, & PRF)

    ASA 8.0(4)

    ASDM 6.4(1)


    No IKEv2

     


    Yes

    Plus

    Yes

    Yes

    Yes

    Strong encryption (AES-256 & 3des-168)

    Plus

    Yes

    Yes

    Yes

    NSA suite-B (IPsec only)

    ASA 9.0

    ASDM 7.0

    No

    Apex

    Yes

    Yes

    Yes

    Enable CRL check

    n/a

    No

    Apex

    Yes

    No

    No

    SAML 2.0 SSO

    ASA 9.7.1

    ASDM 7.7.1

    No

    Apex or VPN only

    Yes

    Yes

    Yes

    Enhanced SAML 2.0

    ASA 9.7.1.24

    ASA 9.8.2.28

    ASA 9.9.2.1

    No

    Apex or VPN only

    Yes

    Yes

    Yes

    Multiple-certificate authentication

    ASA 9.7.1

    ASDM 7.7.1

    No

    Plus, Apex, or VPN only

    Yes

    Yes

    Yes


    Interfaces

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    GUI

    ASA 8.0(4)

    ASDM 6.3(1)

    Dashboard

     


    No

     

    Yes




    No




    No




    No



    No

    Plus

    Yes

    Yes

    Yes

    Command line

    Yes

    Yes

    Yes

    API

    Yes

    Yes

    Yes

    Microsoft component object module (COM)

    Yes

    No

    No

    Localization of user messages

    Yes

    Yes

    No

    Custom MSI transforms

    Yes

    No

    No

    User defined resource files

    Yes

    Yes

    No

    Client help

    ASA 9.0

    ASDM 7.0

    Yes

    Yes

    Yes

    Yes


    AnyConnect Network Access Manager

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Core

    ASA 8.4(1)

    ASDM 6.4(1)

    Yes

    Plus

    Yes

    No

    No

    Wired support IEEE 802.3

    Yes

    Wireless support IEEE 802.11

    Yes

    Pre-log on and single sign-on authentication

    Yes

    IEEE 802.1X

    Yes

    IEEE 802.1AE MACsec

    Yes

    EAP methods

    Yes

    FIPS 140-2 level 1

    Yes

    Mobile broadband support

    ASA 8.4(1)

    ASDM 7.0

    Yes

    Yes

    IPv6

    ASA 9.0

    ASDM 7.0

    No

    Yes

    NGE and NSA suite-B

    Yes

    TLS 1.2 for VPN connectivity*

    n/a

    Yes

     

    Yes

    No

    No

    AnyConnect Secure Mobility Modules

    HostScan and Posture Assessment

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Endpoint Assessment

    ASA 8.0(4)

    ASDM 6.3(1)

    No



    No



    No

    Apex

    Yes

    Yes

    Yes

    Endpoint Remediation

    Apex

    Yes

    Yes

    Yes

    Quarantine

    Apex

    Yes

    Yes

    Yes

    Quarantine status & terminate message

    ASA 8.3(1)

    ASDM 6.3(1)

    No

    Apex

    Yes

    Yes

    Yes

    HostScan package update

    ASA 8.4(1)

    ASDM 6.4(1)

    No



    No

    Apex

    Yes

    Yes

    Yes

    Host emulation detection

    Apex

    Yes

    No

    No

    OPSWAT v4

    ASA 9.9(1)

    ASDM 7.9(1)

    No

    Apex

    Yes

    Yes

    Yes


    ISE Posture

    Feature

    Minimum AnyConnect Release

    Minimum ASA/ASDM Release

    Meraki MX

    Minimum ISE Release

    License Required

    Windows

    Mac

    Linux

    Change of authorization (CoA)

    4.0

    ASA 9.2.1

    ASDM 7.2.1

    No

    2.0

    Plus

    Yes

    Yes

    Yes

    ISE posture profile editor

    4.0

    ASA 9.2.1

    ASDM 7.2.1

    No

    n/a

    Apex

    Yes

    Yes

    Yes

    AC identity extensions (ACIDex)

    4.0

    n/a

    No

    2.0

    Plus

    Yes

    Yes

    Yes

    ISE posture module

    4.0

    n/a

    No

    2.0

    Apex

    Yes

    Yes

    No

    Detection of USB mass storage devices (v4 only)

    4.3

    n/a

    No

    2.1

    Apex

    Yes

    No

    No

    OPSWAT v4

    4.3

    n/a

    No

    2.1

    Apex

    Yes

    Yes

    No

    Stealth agent for posture

    4.4

    n/a

    No

    2.2

    Apex

    Yes

    Yes

    No

    Continuous end-point monitoring

    4.4

    n/a

    No

    2.2

    Apex

    Yes

    Yes

    No

    Next-generation provisioning and discovery

    4.4

    n/a

    No

    2.2

    Apex

    Yes

    Yes

    No

    Application kill and uninstall capabilities

    4.4

    n/a

    No

    2.2

    Apex

    Yes

    Yes

    No

    Cisco temporal agent

    4.5

    n/a

    No

    2.3

    ISE Apex

    Yes

    Yes

    No

    Enhanced SCCM approach

    4.5

    n/a

    No

    2.3

    AC Apex and ISE Apex

    Yes

    No

    No

    Posture policy enhancements for optional mode

    4.5

    n/a

    No

    2.3

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Periodic probe interval in profile editor

    4.5

    n/a

    No

    2.3

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Visibility into hardware inventory

    4.5

    n/a

    No

    2.3

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Grace period for noncompliant devices

    4.6

    n/a

    No

    2.4

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Posture rescan

    4.6

    n/a

    No

    2.4

    AC Apex and ISE Apex

    Yes

    Yes

    No

    AnyConnect stealth mode notifications

    4.6

    n/a

    No

    2.4

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Disabling UAC prompt

    4.6

    n/a

    No

    2.4

    AC Apex and ISE Apex

    Yes

    No

    No

    Enhanced grace period

    4.7

    n/a

    No

    2.6

    AC Apex and ISE Apex

    Yes

    Yes

    No

    Custom notification controls and revamp of remediation windows

    4.7

    n/a

    No

    2.6

    AC Apex and ISE Apex

    Yes

    Yes

    No


    Web Security

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Core

    ASA 8.4(1)

    ASDM 6.4(1)

    No



    No

    Plus

    Yes

    Yes

    Yes

    No

    Cloud-hosted configuration

    Secure trusted network detection

    ASA 8.4(1)

    ASDM 7.0

    No






    No





    No

    Dynamic configuration elements

    Fail close/fail open policy


    AMP Enabler

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    Minimum ISE Release

    License Required

    Windows

    Mac

    Linux

    AMP enabler

    ASDM 7.4.2

    ASA 9.4.1

    No

    ISE 1.4

    Plus

    Yes

    Yes

    No


    Network Visibility Module

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    Minimum ISE Release

    License Required

    Windows

    Mac

    Linux

    Network visibility module

    ASDM 7.5.1

    ASA 9.5.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Adjustment to the rate at which data is sent

    ASDM 7.5.1

    ASA 9.5.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Customization of NVM timer

    ASDM 7.5.1

    ASA 9.5.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Broadcast and multicast option for data collection

    ASDM 7.5.1

    ASA 9.5.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Creation of anonymization profiles

    ASDM 7.5.1

    ASA 9.5.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Broader data collection and anonymization with hashing

    ASDM 7.7.1

    ASA 9.7.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Support for Java as a container

    ASDM 7.7.1

    ASA 9.7.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Configuration of cache to customize

    ASDM 7.7.1

    ASA 9.7.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Periodic flow reporting

    ASDM 7.7.1

    ASA 9.7.1

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Flow filter

    n/a

    Yes, in special NVM profile. Must be deployed locally.

    no ISE dependency

    Apex

    Yes

    Yes

    Yes

    Stand-alone NVM

    n/a

    Yes, in special NVM profile. Must be deployed locally.

    n/a

    Apex

    Yes

    Yes

    Yes


    Umbrella Roaming Security Module

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    Minimum ISE Release

    License Required

    Windows

    Mac

    Linux

    Umbrella roaming security module

    ASDM 7.6.2

    ASA 9.4.1

    Yes, in special Umbrella profile. Must be deployed locally.

    ISE 2.0

    Either Plus or Apex

    Umbrella licensing is mandatory

    Yes

    Yes

    No

    Umbrella secure web gateway

    n/a

    Yes, in special Umbrella profile. Must be deployed locally.

    n/a

    SIG Essential package from Umbrella

    Yes

    Yes

    No

    OpenDNS IPv6 support

    n/a

    No, IPv6

    n/a

    n/a

    Yes

    Yes

    No


    Reporting and Troubleshooting Modules

    Customer Experience Feedback

    Feature

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    Customer experience feedback

    ASA 8.4(1)

    ASDM 7.0

    Yes

    Plus

    Yes

    Yes

    No


    Diagnostic and Report Tool (DART)

    Log Type

    Minimum ASA/ASDM Release

    Meraki MX

    License Required

    Windows

    Mac

    Linux

    VPN

    ASA 8.0(4)

    ASDM 6.3(1)

    Yes

    Plus

    Apex

    Yes

    Yes

    Yes

    Network access manager

    ASA 8.4(1)

    ASDM 6.4(1)

    Yes

    Yes

    No

    No

    Posture Assessment

    Yes

    Yes

    Yes

    Web security

    Yes

    Yes

    No

    • Was this article helpful?