There has been a lot of questions around the new AnyConnect licensing introduced with the AnyConnect 4.0 release. In summary, the older version of AnyConnect had many license options (TOO MANY!). So Cisco has consolidated these into two options, which are Plus and Apex. Below is a comparison of how the AnyConnect 3.1 compares to AnyConnect 4.0. Hope it helps!
Regarding the latest AnyConnect, Cisco just released the new version for AnyConnect 4.1 (data sheet found HERE). The highlights for this release are found below.
What’s New in AnyConnect 4.1 Release
The AnyConnect Secure Mobility Client 4.1 software release delivers new features in several key areas of the solution including:
- Posture Enhancements: Together with ISE Posture, the AnyConnect ISE Posture will provide compliance validation and remediation for major patch management systems such as SCCM. Custom Posture checking (file, system, and process) on endpoint is extended to include Mac OS X for even greater levels of endpoint compliance across leading desktop operating systems.
- Auto Public Proxy Detection (Mac OS X and Linux): Ability to automatically detect public proxy settings and use these servers for connection on Mac OS X and Linux. AnyConnect VPN connections will function in these environment and allow users to connect back to their corporate network.
- Optional head-end CRL Checking (Windows): Good security practice says that when you are attempting to validate a certificate you should be checking the Revocation status of that certificate, unfortunately doing so causes problems for customers who do not have publicly accessible revocation lists. Government customers and good security practice dictate that we offer CRL functionality. Implementation of this feature requires the revocation list to be accessible publicly and will be optional to deal with this requirement.
- AMP Enabler (Windows and OS X): Allows AnyConnect client to easily distribute AMP for Endpoints capabilities for additional threat protection services to AnyConnect enabled endpoints. The ability for the networking and/or security team to deploy Cisco AMP for Endpoint on demand to enterprise connected endpoint installed minimizes the risk of malware attacks and can accelerate remediation once malware is detected without having to rely on traditional desktop tools that may or may not be up to date or even active on the endpoint, be they local or remote.