Cisco AnyConnect - Easy, Fast, Secure
May 03, 2021
Score 10 out of 10
Overall Satisfaction with Cisco AnyConnect
My entire company uses Cisco AnyConnect as our primary remote work connectivity tool. We have used it for the last 15 years, with all of our users using it as of 2 years ago. We have added several layers of security and feel that this software made our transition to remote work during the pandemic flawless.
- Autoconnections are seamless for the users. There's nothing for them to do once it's all set up.
- It recognizes security certificates for the PC and user, so you can easily lock down the connectivity to the specific users and/or machines you need for your environment.
- Unless the WIFI is extremely poor, the software can make the connection and allow your users to function on the VPN.
- The client logs are usually good enough to begin troubleshooting issues - for example, if you aren't getting good enough WIFI for connections or the certificates have expired and so on. However, I wish they had more robust logs available without installing their special tools from Cisco support.
- I wish it could prevent users from opening applications while it was attempting to connect. It's usually super fast to make connections, but this is based on the WIFI to some degree. Occasionally, we have users open Outlook too fast and add-ins get disabled. It's not really a problem with this software, but I do wish it had the ability to prevent apps from opening until the connection is made or fails.
- It's not an expensive software license if you already have the Cisco firewalls that offer the licensing. So choosing this was not a significant investment for our company.
- Our alternate remote connection method for now is Citrix XenApp, which everyone hates because it's slow and they don't have access to their local drives, printers, and so on. So it's made our users extremely happy after we set up AnyConnect for everyone.
- During the pandemic, if we had not used AnyConnect, many of our users would not have been able to work, causing significant losses for our company and perhaps some user jobs.
For our users, they log in to their firm-provided laptop/desktop at home, Cisco AnyConnect sees they are not on our IPs, so it autoconnects the VPN to the specified name on the computer certificate, verifies the user by the user security certificate installed, and simply connects. Typically on my home WIFI this all takes 1-3 seconds. Once the user is connected, it's like sitting at their desk in the office. It doesn't fail. If there's a problem, it's always been the location's WIFI or the user security certificate expired.
We use several of the security options Cisco offers for AnyConnect. We use both the computer- and user-based security certificates, which we feel is more secure than the multifactor authentication, but it works with that as well (such as DUO, which we have used with this in the past). We have the machines autoconnect to the VPN if they aren't in our offices both for the ease of use for the user and for security reasons. In our opinion, if the VPN is connected, then our data has a security wrapper around it traveling over the internet instead of their home routers, which we have little to no control over.
We have a Managed Services provider that helped us set up AnyConnect with the security settings we wanted on the firewall. Implementing the always-on feature (autoconnect) was NOT obvious and we could not get it to work with the certificates at first. We placed a call with the support team, who were fabulous. They stayed on the phone with us testing until we got it all working the way we wanted. Their support is great, especially if you ask them to stay on until it's solved.
We now install Cisco AnyConnect on all of our laptops for remote work users and all of our desktops, which have WIFI adapters. During the pandemic, we were therefore able to send all of our workers home to work remotely, even if they had a desktop. All of our users find it easy to use, especially since we have it set to auto-connect. We have our colo site for DR set up with an alternate VPN, so in the event that our live site is down and we fail over, all our users have to do is type in the alternate VPN to be up and running once IT completes the failover. This means a simple process for our users during a stressful DR situation.
Upgrading Cisco AnyConnect
Yes - So we've been through many upgrades of AnyConnect over the years, but we've done 3 since we implemented the secure certificates and always-on features. They went pretty well. One of the 3 upgrades had a random issue with 20% of our laptops and we had to manually uninstall, delete the certificates, then install the new version. The last 2 upgrades we have done in the last year went flawlessly. We pushed via SCCM. The install actually uninstalled the old, installed the new and read the same security certificates. It can be set to download the upgrade and install from the firewall when the users try to connect (which we tested fine), but we decided to use SCCM while users were at the office and do the install just in case we had issues - but there were none. The upgrade was a requirement for new firmware on the firewall.
- We didn't really notice any changes in the AnyConnect itself. The upgrades are all for security pieces users do not see.