Overall Satisfaction with Cisco AnyConnect
My entire company uses Cisco AnyConnect as our primary remote work connectivity tool. We have used it for the last 15 years, with all of our users using it as of 2 years ago. We have added several layers of security and feel that this software made our transition to remote work during the pandemic flawless.
- Autoconnections are seamless for the users. There's nothing for them to do once it's all set up.
- It recognizes security certificates for the PC and user, so you can easily lock down the connectivity to the specific users and/or machines you need for your environment.
- Unless the WIFI is extremely poor, the software can make the connection and allow your users to function on the VPN.
- The client logs are usually good enough to begin troubleshooting issues - for example, if you aren't getting good enough WIFI for connections or the certificates have expired and so on. However, I wish they had more robust logs available without installing their special tools from Cisco support.
- I wish it could prevent users from opening applications while it was attempting to connect. It's usually super fast to make connections, but this is based on the WIFI to some degree. Occasionally, we have users open Outlook too fast and add-ins get disabled. It's not really a problem with this software, but I do wish it had the ability to prevent apps from opening until the connection is made or fails.
- It's not an expensive software license if you already have the Cisco firewalls that offer the licensing. So choosing this was not a significant investment for our company.
- Our alternate remote connection method for now is Citrix XenApp, which everyone hates because it's slow and they don't have access to their local drives, printers, and so on. So it's made our users extremely happy after we set up AnyConnect for everyone.
- During the pandemic, if we had not used AnyConnect, many of our users would not have been able to work, causing significant losses for our company and perhaps some user jobs.
We use several of the security options Cisco offers for AnyConnect. We use both the computer and user based security certificates, which we feel is more secure than the multifactor authentication but it works with that as well (such as DUO, which we have used with this in the past). We have the machines autoconnect to the VPN if they aren't in our offices both for the ease of use for the user and for security reasons. In our opinion, if the VPN is connected, then our data has a security wrapper around it traveling over the internet instead of their home routers which we have little to no control over.
We have Citrix XenApp installed for remote connectivity as well as the Cisco AnyConnect. Since installing the AnyConnect, we have 2 out of 130 users that now use Citrix XenApp for remote connectivity - everyone else prefers AnyConnect for speed of connection, fewer profile issues on Citrix, and access to their installed applications and their local C drive. Citrix XenApp is now slated to be deprecated within the year at our business.
Do you think Cisco AnyConnect delivers good value for the price?
Yes
Are you happy with Cisco AnyConnect's feature set?
Yes
Did Cisco AnyConnect live up to sales and marketing promises?
Yes
Did implementation of Cisco AnyConnect go as expected?
Yes
Would you buy Cisco AnyConnect again?
Yes
Resilience and Reliability
Cisco AnyConnect is not only our chosen secure remote connectivity method, but it is also a large part of our Business Continuity plan. We have implemented AnyConnect in our production environment for remote connectivity. We have also implemented AnyConnect VPN access to our colo-site (DR site). If we have to fail over to our DR site, the users simply have to 1) connect to WIFI and 2) type in the name of the DR VPN site we provide to connect. The resiliency built into this DR plan adds immense value as potential time savings to our business continuity plan. In the event of a DR situation, the time to get users up and connected to our DR site is significantly reduced with this configuration made possible by AnyConnect software.
We implemented Cisco AnyConnect as "always on", using machine and user security certificates, and enforce no split-tunneling. All of these together have added to our security posture. We are strongly considering also adding MFA for user machine logins, which adds yet another layer of security to physically accessing the user laptop before user login. We had MFA enforced on the AnyConnect at one point, but decided the security certificates (both machine and user) made more sense for our organization. The great thing is that AnyConnect offers security options for each organization to choose their setup methodology.
- Originally AnyConnect was used for travel, so only a few users had it installed, but it became our number one method for remote connectivity for work at home during COVID-19. We were able to get ALL users home to work within 2 days of HR deciding on the plan - which was time for the full user install and training!
- Some of our attorneys are now able to use the AnyConnect while in court to access documents on the fly when needed unexpectedly.
Using Cisco AnyConnect
130 - Everyone in our firm, about 130 users, connects using Cisco AnyConnect when working remotely (from home, travel, court). This includes our administrative staff (accounting, IT, HR), our legal staff (paralegals and legal assistants) and attorneys. This is our primary method of remote connectivity and our users all like it and find it extremely easy to use.
2 - Cisco AnyConnect was implemented by our Managed Services vendor on network equipment. The client side application was initially installed via SCCM to all user machines. We have done four or five upgrades and they have all been easy. We have 2 IT people that support the user side of this application, but honestly once it's installed and the user 5 minute training is done, we've not had any issues to support.
- Secure remote connectivity to on prem servers for users to access data
- Secure remote connectivity forcing GPOs, EDR, and other security services to run as required by our policies
- Secure remote connectivity to enforce upgrades (OS and application) while users work from home
- We are looking to potentially open AnyConnect usage with trusted vendors for remote connectivity for scheduled maintenance of their applications.
Cisco AnyConnect Support
Pros | Cons |
---|---|
Quick Resolution, Good followup, Knowledgeable team, Problems get solved, Kept well informed, Immediate help available, Support cares about my success | None |
We purchase the Cisco SmartNets for all of our Cisco gear and software. The support we get makes the extra cost worth it. We renew the maintenance annually. This also helps us keep track of EOS and EOL on the software and hardware and make sure we replace items in a timely manner to avoid security holes.
Yes - We reported an issue with AnyConnect on a specific firmware version on the Cisco firewall when using the VPN "always on" and machine and user certificates. Cisco support helped us with a workaround for about 2 months until they released a new firmware version for our ASA and we were able to upgrade and then implement the features we needed. Support was helpful and responsive and we felt like two months was timely since we did indeed have a workaround.
We reported an issue with AnyConnect on a specific firmware version on the Cisco firewall when using the VPN "always on" and machine and user certificates. Cisco support helped us with a workaround for about 2 months until they released a new firmware version for our ASA and we were able to upgrade and then implement the features we needed. Support was helpful and responsive and we felt like two months was timely since we did indeed have a workaround. During this time, one Friday during the final testing of the update, our support person's shift ended and she stayed over almost an hour to help transition our case to someone else to finish helping us so we could complete the test and go live that weekend.
Using Cisco AnyConnect
Pros | Cons |
---|---|
Like to use, Relatively simple, Easy to use, Technical support not required, Well integrated, Consistent, Quick to learn, Convenient, Feel confident using, Familiar | None |
- If you use the machine and user based security certificates with the always-on feature, there is zero user interaction required. The user connects to WIFI, then the software automatically connects with zero user interaction.
- If you use the MFA for the AnyConnect connection, once the VPN address is entered in the software once and it successfully connects, it will remember it. From there the user just has to connect to WIFI, select the remembered VPN, enter their MFA code (or a push if set up). It's super easy.
- None
Upgrading Cisco AnyConnect
Yes - So we've been through many upgrades of AnyConnect over the years, but we've done 3 since we implemented the secure certificates and always on features. They went pretty well. One of the 3 upgrades had a random issue with 20% of our laptops and we had to manually uninstall, delete the certificates, then install the new version. The last 2 upgrades we have done in the last year went flawlessly. We pushed via SCCM. The install actually uninstalled the old, installed the new and read the same security certificates. It can be set to download the upgrade and install from the firewall when the users try to connect (which we tested fine), but we decided to use SCCM while users were at the office and do the install just in case we had issues - but there were none. The upgrade was a requirement for new firmware on the firewall.
- We didn't really notice any changes in the AnyConnect itself. The upgrades are all for security pieces users do not see.
- More security - Cisco is always closing security vulnerabilities it finds.
- Confirmed support for Windows 11