AnyConnect on ASA vs. MX

Feature

Minimum ASA/ASDM Release

Meraki MX
wired 16.2+

Minimum License Required

Windows

Mac

Linux

SSL (TLS & DTLS), including per-app VPN

ASA 8.0(4)

ASDM 6.3(1)

Yes, TLS/DTLS.
No, per-app VPN

Advantage (formerly Plus)

Yes

Yes

Yes

TLS compression

ASA 8.0(4)

ASDM 6.3(1)

No

Yes

Yes

Yes

DTLS fallback to TLS

ASA 8.4.2.8

ASDM 6.3(1)

Yes

Yes

Yes

Yes

IPsec/IKEv2

ASA 8.4(1)

ASDM 6.4(1)

No

Yes

Yes

Yes

Split tunneling

ASA 8.0(x)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Dynamic split tunneling

ASA 9.0

Yes

Plus, Apex, or VPN-only

Yes

Yes

No

Enhanced dynamic split tunneling

ASA 9.0

No

Plus, Apex, or VPN-only

Yes

Yes

No

Split DNS

ASA 8.0(4)

ASDM 6.3(1)

No

Yes

Yes

No

Ignore browser proxy

ASA 8.3(1)

ASDM 6.3(1)

Yes, in profile

Yes

Yes

No

Proxy auto config (PAC) file generation

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

No

No

Internet Explorer connections tab lockdown

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

No

No

Optimal gateway selection

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

Yes

No

Local LAN access

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Tethered device access via client firewall rules, for synchronization

ASA 8.3(1)

ASDM 6.3(1)

No

Yes

Yes

Yes

Local printer access via client firewall rules

ASA 8.3(1)

ASDM 6.3(1)

No

Yes

Yes

Yes

IPv6

ASA 9.0

ASDM 7.0

No

Yes

Yes

No

Further IPv6 implementation

ASA 9.7.1

ASDM 7.7.1

No

Yes

Yes

Yes

Certificate pinning

No dependency

Yes, in profile

Plus, Apex, or VPN-only

Yes

Yes

Yes

Management VPN tunnel

ASA 9.0

ASDM 7.10.1

No

Premier (formerly Apex)

Yes

No

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

Simultaneous clientless & AnyConnect connections

ASA8.0(4)

ASDM 6.3(1)

No

Yes

Yes

Yes

Start before log on (SBL)

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

No

No

Run script on connect and disconnect

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Minimize on connect

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Auto connect on start

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Auto reconnect (disconnect on system suspend, reconnect on system resume)

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

No

Remote user VPN establishment (permitted or denied)

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

No

No

Log-in enforcement (terminate VPN session if another user logs in)

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

No

No

Retain VPN session (when user logs off, and then when this or another user logs in)

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

No

No

Trusted network detection (TND)

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

Yes

Yes

Always-on (VPN must be connected to access network)

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

No

Always-on exemption via DAP

ASA 8.3(1)

ASDM 6.3(1)

No

Yes

Yes

No

Connect failure policy (internet access allowed or disallowed if VPN connection fails)

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

No

Captive portal detection

ASA 8.0(4)

ASDM 6.3(1)

Yes

Yes

Yes

Yes

Captive portal remediation

ASA 8.0(4)

ASDM 6.3(1)

Yes, in profile

Yes

Yes

No

Enhanced captive portal remediation

No dependency

Yes

No

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

Certificate-only authentication

ASA 8.0(4)

ASDM 6.3(1)

No




No
 

No
 

No

Yes

 

No

Yes

Yes

Yes

RSA SecurID/SoftID integration

Yes

No

No

Smartcard support

Yes

Yes

No

SCEP (requires posture module if machine ID is used)

Yes

Yes

No

List and select certificates

Yes

No

No

FIPS

Yes

Yes

Yes

SHA-2 for IPsec IKEv2 (digital signatures, integrity, & PRF)

ASA 8.0(4)

ASDM 6.4(1)

No IKEv2

Yes

Yes

Yes

Yes

Strong encryption (AES-256 & 3des-168)

Advantage (formerly Plus)

Yes

Yes

Yes

NSA suite-B (IPsec only)

ASA 9.0

ASDM 7.0

No

Yes

Yes

Yes

Enable CRL check

n/a

No

Yes

No

No

SAML 2.0 SSO

ASA 9.7.1

ASDM 7.7.1

Yes

Apex or VPN only

Yes

Yes

Yes

Enhanced SAML 2.0

ASA 9.7.1.24

ASA 9.8.2.28

ASA 9.9.2.1

No

Apex or VPN only

Yes

Yes

Yes

Multiple-certificate authentication

ASA 9.7.1

ASDM 7.7.1

No

Plus, Apex, or VPN only

Yes

Yes

Yes

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

GUI

ASA 8.0(4)

ASDM 6.3(1)

Dashboard

No

Yes




No




No




No



No

Yes

Yes

Yes

Command line

Yes

Yes

Yes

API

Yes

Yes

Yes

Microsoft component object module (COM)

Yes

No

No

Localization of user messages

Yes

Yes

No

Custom MSI transforms

Yes

No

No

User defined resource files

Yes

Yes

No

Client help

ASA 9.0

ASDM 7.0

Yes

Yes

Yes

Yes

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum license Required

Windows

Mac

Linux

Core

ASA 8.4(1)

ASDM 6.4(1)

Yes

Yes

No

No

Wired support IEEE 802.3

Yes

Wireless support IEEE 802.11

Yes

Pre-log on and single sign-on authentication

Yes

IEEE 802.1X

Yes

IEEE 802.1AE MACsec

Yes

EAP methods

Yes

FIPS 140-2 level 1

Yes

Mobile broadband support

ASA 8.4(1)

ASDM 7.0

Yes

Yes

IPv6

ASA 9.0

ASDM 7.0

No

Yes

NGE and NSA suite-B

Yes

TLS 1.2 for VPN connectivity*

n/a

Yes

Yes

No

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

Endpoint Assessment

ASA 8.0(4)

ASDM 6.3(1)

No



No



No

Yes

Yes

Yes

Endpoint Remediation

Yes

Yes

Yes

Quarantine

Yes

Yes

Yes

Quarantine status & terminate message

ASA 8.3(1)

ASDM 6.3(1)

No

Yes

Yes

Yes

HostScan package update

ASA 8.4(1)

ASDM 6.4(1)

No



No

Yes

Yes

Yes

Host emulation detection

Yes

No

No

OPSWAT v4

ASA 9.9(1)

ASDM 7.9(1)

No

Yes

Yes

Yes

Feature

Minimum AnyConnect Release

Minimum ASA/ASDM Release

Meraki MX

Minimum ISE Release

Minimum license Required

Windows

Mac

Linux

Change of authorization (CoA)

4.0

ASA 9.2.1

ASDM 7.2.1

No

2.0

Yes

Yes

Yes

ISE posture profile editor

4.0

ASA 9.2.1

ASDM 7.2.1

No

n/a

Yes

Yes

Yes

AC identity extensions (ACIDex)

4.0

n/a

No

2.0

Yes

Yes

Yes

ISE posture module

4.0

n/a

No

2.0

Yes

Yes

No

Detection of USB mass storage devices (v4 only)

4.3

n/a

No

2.1

Yes

No

No

OPSWAT v4

4.3

n/a

No

2.1

Yes

Yes

No

Stealth agent for posture

4.4

n/a

No

2.2

Yes

Yes

No

Continuous end-point monitoring

4.4

n/a

No

2.2

Yes

Yes

No

Next-generation provisioning and discovery

4.4

n/a

No

2.2

Yes

Yes

No

Application kill and uninstall capabilities

4.4

n/a

No

2.2

Yes

Yes

No

Cisco temporal agent

4.5

n/a

No

2.3

ISE Premier (formerly Apex)

Yes

Yes

No

Enhanced SCCM approach

4.5

n/a

No

2.3

Yes

No

No

Posture policy enhancements for optional mode

4.5

n/a

No

2.3

Yes

Yes

No

Periodic probe interval in profile editor

4.5

n/a

No

2.3

Premier (formerly Apex) and ISE Apex

Yes

Yes

No

Visibility into hardware inventory

4.5

n/a

No

2.3

Yes

Yes

No

Grace period for noncompliant devices

4.6

n/a

No

2.4

Yes

Yes

No

Posture rescan

4.6

n/a

No

2.4

Yes

Yes

No

AnyConnect stealth mode notifications

4.6

n/a

No

2.4

Yes

Yes

No

Disabling UAC prompt

4.6

n/a

No

2.4

Premier (formerly Apex) and ISE Apex

Yes

No

No

Enhanced grace period

4.7

n/a

No

2.6

Premier (formerly Apex) and ISE Apex

Yes

Yes

No

Custom notification controls and revamp of remediation windows

4.7

n/a

No

2.6

Premier (formerly Apex) and ISE Apex

Yes

Yes

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

Core

ASA 8.4(1)

ASDM 6.4(1)

No



No

Yes

Yes

Yes

No

Cloud-hosted configuration

Secure trusted network detection

ASA 8.4(1)

ASDM 7.0

No






No





No

Dynamic configuration elements

Fail close/fail open policy

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum ISE Release

Minimum license Required

Windows

Mac

Linux

AMP enabler

ASDM 7.4.2

ASA 9.4.1

No

ISE 1.4

Yes

Yes

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum ISE Release

Minimum License Required

Windows

Mac

Linux

Network visibility module

ASDM 7.5.1

ASA 9.5.1

Yes, in special NVM profile. Must be deployed locally.

no ISE dependency

Yes

Yes

Yes

Adjustment to the rate at which data is sent

ASDM 7.5.1

ASA 9.5.1

no ISE dependency

Yes

Yes

Yes

Customization of NVM timer

ASDM 7.5.1

ASA 9.5.1

no ISE dependency

Yes

Yes

Yes

Broadcast and multicast option for data collection

ASDM 7.5.1

ASA 9.5.1

no ISE dependency

Yes

Yes

Yes

Creation of anonymization profiles

ASDM 7.5.1

ASA 9.5.1

no ISE dependency

Yes

Yes

Yes

Broader data collection and anonymization with hashing

ASDM 7.7.1

ASA 9.7.1

no ISE dependency

Yes

Yes

Yes

Support for Java as a container

ASDM 7.7.1

ASA 9.7.1

no ISE dependency

Yes

Yes

Yes

Configuration of cache to customize

ASDM 7.7.1

ASA 9.7.1

no ISE dependency

Yes

Yes

Yes

Periodic flow reporting

ASDM 7.7.1

ASA 9.7.1

no ISE dependency

Yes

Yes

Yes

Flow filter

n/a

no ISE dependency

Yes

Yes

Yes

Stand-alone NVM

n/a

n/a

Yes

Yes

Yes

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum ISE Release

Minimum License Required

Windows

Mac

Linux

Umbrella roaming security module

ASDM 7.6.2

ASA 9.4.1

Yes, in special Umbrella profile. Must be deployed locally.

ISE 2.0

Either Advantage or Premier

Umbrella licensing is mandatory

Yes

Yes

No

Umbrella secure web gateway

n/a

n/a

SIG Essential package from Umbrella

Yes

Yes

No

OpenDNS IPv6 support

n/a

No, IPv6

n/a

n/a

Yes

Yes

No

Feature

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

Customer experience feedback

ASA 8.4(1)

ASDM 7.0

Yes

Advantage (formerly Plus)

Yes

Yes

No

Log Type

Minimum ASA/ASDM Release

Meraki MX

Minimum License Required

Windows

Mac

Linux

VPN

ASA 8.0(4)

ASDM 6.3(1)

Yes

Advantage or Premier

Yes

Yes

Yes

Network access manager

ASA 8.4(1)

ASDM 6.4(1)

Yes

Yes

No

No

Posture Assessment

Yes

Yes

Yes

Web security

Yes

Yes

No