Cisco AnyConnect

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free

Cisco AnyConnect 

by Karen Spring

Docid: 00017927

Publication Date: 1906

Report Type: PRODUCT


Cisco Systems’ AnyConnect is designed to deliver
a secure network backbone for multi-site and off-site transmission of large
amounts of data – from employee emails and video to classified files and health
records. It supports unified, endpoint compliance and protects corporate
networks by restricting VPN (virtual private network) access. AnyConnect has been designed with smartphones, tablets, and laptops in mind from the
start, making the product accessible on nearly any type of device. This report
profiles Cisco AnyConnect and its key features.

Report Contents:


[return to top of this report]

Cisco Systems’ AnyConnect line includes hardware and
software built to allow organizations to securely transmit internal data across
the public Web. Cisco says an "always-on intelligent VPN (virtual private
network)" enables AnyConnect to secure network access points while ensuring
the most effective tunneling protocol is used.

Faulkner Reports
Cisco Systems Company Profile
Switches Market Trends
Network Security Best

The AnyConnect Secure Mobility Client is a multi-faceted endpoint software
product that provides VPN access through Secure Sockets Layer (SSL) and IPsec
IKEv2 along with security through built-in modules. These modules provide
services through the VPN and Cisco Identity Services Engine (ISE) architecture
as well as Web security, network visibility, off-network protection, and the
Network Access Manager. AnyConnect consists of built-in Web security, malware
threat detection, phishing protection, and command and control callback

AnyConnect supports IEEE 802.1AE for data confidentiality, data integrity,
and data-origin authentication on wired networks. It offers IEEE 802.1X
capability for a single authentication framework to manage identities of both
users and devices. 

For end users, AnyConnect Secure Mobility Client offers the benefit of
security protection for various mobile device platforms and always-on
connectivity. Administrators benefit from simple secure-access policy
enforcement and tailored policy access to corporate resources and applications
for each user group and device. 

Cisco Systems
170 W Tasman Dr
San Jose CA 95134-1706
(408) 526-4000
Toll Free: (800) 553-6387
Fax: (408) 526-4100
Type: Data Networking Vendor
Service Areas: International
Founded: 1984
Stock Symbol: CSCO
Number of Employees: 71,833

The AnyConnect Secure Mobility Client is compatible with Cisco ASA 5500-X
Series Next-Generation Firewalls. 

Table 1 outlines AnyConnect Secure Mobility Client’s key features.

Table 1. Cisco
Systems AnyConnect Secure Mobility Client Features
Feature Description
Unified Endpoint Compliance The AnyConnect ISE Agent provides endpoint posture assessment and
remediation for Cisco ISE across wired and wireless
Encryption Supports strong encryption (AES-256 and 3DES-168) and next-generation
encryption including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit
RSA keys, and more. 
Authentication Offers a range of authentication options including RADIUS, RADIUS with
password expiry, RADIUS one-time password, RSA SecurID, and more. 
Policy Control and Management Policies can either be preconfigured or configured locally. AnyConnect
checks for untrusted certificates and if it finds one, the system sends
out user warnings. 
Client Policy Firewall Includes protection for split-tunneling configurations. 
Compliance Supports Federal Information Processing Standard (FIPS) 140-2 level 2.
Web Security Integration Utilizes Cloud Web Security to prevent malware attacks and other
threats. A security license is required. 
Support for Mobile Devices Allows mobile devices to have remote access to the company
Localization Support multiple languages in addition to English.
Diagnostics On-device statistics and logging data are available for
viewing on device or can be emailed to an administrator or Cisco for

Cisco AnyConnect Secure Mobility Client for Mobile Platforms
Available for iOS, Android, Windows Phone, BlackBerry, select Amazon Kindle
and Fire Phone devices, and Chrome OS. AnyConnect Secure Mobility Client for
Mobile Platforms offers a simple user interface along with DTLS, IPsec IKEv2,
and TLS for encrypted access to corporate resources. 

Table 2 describes the main features for AnyConnect Secure Mobility Client for
Mobile Platforms. 

Table 2. Cisco AnyConnect Secure Mobility Client for Mobile Platforms Features
Feature Description
Software Access and Compatibility  Available from the Apple App Store; Google Play, Windows
Store; BlackBerry App World; Google Chrome OS; and the Amazon AppStore. 
Optimized Network Access Automatically adapts to tunneling to the most efficient
method based on network constraints. 
Mobile Transparency Resumes transparently after IP address change, loss of
connectivity, or device stand-by. 
Battery Transparency Compatible with device sleep mode. 
Encryption  Supports strong encryption and next-generation
Authentication Provides various authentication including RADIUS, RSA
SecurID, Active Directory or Kerberos, and digital certificate. 
Consistent User Experience Full-tunnel client mode supports remote access users who
require a consistent LAN-like user experience. 
Policy Control and Management Policies can be pre-configured or configured locally and be
automatically updated. 
IP Network Connectivity Supports administrator-controlled split- or all-tunneling
network access policy. 
Localization Supports various languages,
including English, Japanese, and Canadian French. 
Diagnostics On-device statistics and logging data are available for
viewing on device or can be emailed to an administrator or Cisco for

Cisco ASA 5500-X Series Next-Generation Firewalls with AnyConnect Secure
Mobility Client
Cisco’s Adaptive Security Appliance (ASA) 5500-X Series can be scaled to
10,000 concurrent users per device and supports secure connections across public
networks. This series of firewalls provides customized network access as
required by the deployment environment and protects endpoints and networks.
Full-tunnel network access is conducted through: 

  • SSL
  • IPsec VPN client technologies
  • AnyConnect Secure Mobility Client
  • Advanced clientless SSL VPN capabilities
  • Network-aware site-to-site VPN connectivity


[return to top of this report]

Multi-site Corporations. Cisco’s AnyConnect offerings are primarily designed for
multi-site enterprise environments, including those intended to service the remote
and mobile worker.

High-Security Industries. Products managed services are targeted at
high-security industries such as banking, healthcare, government contractors.

Mobile Devices in the Workplace. Cisco has integrated mobile devices
into AnyConnect from the ground up, including smartphones, Apple iPads, and
tablets, and laptops.


[return to top of this report]

The AnyConnect Secure Mobility Client supports Windows 10, 8.1, 8, and 7; Mac
OS X 10.8 and later; and Linux Intel (x64). AnyConnect supports SSL (TLS 1.2 and
DTLS) and next-generation IPsec IKEv2 so that administrators can select their
protocol of choice. 

AnyConnect Secure Mobility Client is currently in version 4.7 as of June 2019.


[return to top of this report]

Cisco offers online support including reference guides, configuration advice,
operational and maintenance information, documentation, and troubleshooting

Clients also can register and purchase
additional support. 


[return to top of this report]

AnyConnect is available through a licensing model that
comes in two tiers. AnyConnect Plus for basic VPN services (i.e. AnyConnect and
standards-based IPsec IKev2 software clients, tbasic device context collection,
and FIPS compliance). AnyConnect Apex is the second
licensing tier and involves more advanced services such as clientless VPN, VPN
posture agent, unified posture agent, and more. 


[return to top of this report]

Cisco’s VPN portfolio competes primarily with VPN hardware and client
software from various vendors. FortiClient from
Fortinet, Palo Alto Networks’ GlobalProtect, and Zscaler’s Private Access are
the main competition for AnyConnect. 

[return to top of this report]

Cisco Systems:
Palo Alto Networks: 

About the Author

[return to top of this report]

Karen M. Spring is a staff editor for Faulkner Information
Services, tracking several high-tech industries. She has research experience in
various topics including network security, data breaches, malware, public
safety, business continuity and resilience, and vulnerabilities. She has written
on high-tech topics for publications in the k-12 and higher education industry.
Ms. Spring started her career as a marketing specialist for two computer
distributors, working closely with such clients as 3Com, IBM, Okidata, Unisys,
and Acer.

[return to top of this report]