Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.
Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated.
Whats new with Anyconnect 4.0
Per App VPN Tunneling – This feature permits corporations the ability to authorize specific apps access to resources behind the firewall. Certain devices and software may be required to support this feature.
Anyconnect ISE Posture Module and ISE Deployment – Many ISE customers have been waiting for this. For Single-Sign on and faster posture checks, ISE offers a agent used to check and enforce posture for devices accessing the network. Anyconnect 4.0 can now be merged with the latest ISE posture agent meaning customers using Anyconnect and ISE just need one client. ISE can also be used to web-deploy Anyconnect clicents to new endpoints accessing the network remotely. This simplifies deploying your VPN solution. Learn more by checking out the ISE 1.3 release.
Simplified Licensing Structure – Anyconnect use to have a ton of licensing components. For example, you would need a license for standard VPN, one for mobile devices, one for advanced features and so on.
Now there are two options: Apex and Plus
To use Anyconnect 4.0, a PLUS or APEX license is required. For those considering Migration, here is a chart to help understand comparing the old to new licenses
Hey what about those people who have invested in Anyconnect already? Well Cisco is offering Free license migrations for existing Premium users. Essential licensed customers can also take advantage of a discounted migration rate. See your trusted Cisco technology provider for more details on this.
I want to know that how the APEX licensing model distributes the user licenses. For example, My company has 10000 users. But, only 2000 users are usually use or connect to VPN at any given point of time, because Premium licensing model increases or decrease the license availability according to number of users connected to VPN in license pool, because this session based license.
On the other hand, APEX is user-based.
Does this mean that we need to buy 10000 licenses (one for each unique user), even though not more 2000 users usually connect at any given point of time.