Cisco AnyConnect - Easy, Fast, Secure
Updated July 05, 2022
Cisco AnyConnect - Easy, Fast, Secure
Score 10 out of 10
Overall Satisfaction with Cisco AnyConnect
My entire company uses Cisco AnyConnect as our primary remote work connectivity tool. We have used it for the last 15 years, with all of our users using it as of 2 year[s] ago. We have added several layers of security and feel that this software made our transition to remote work during the pandemic flawless.
- Autoconnections are seamless for the users. There's nothing for them to do once it's all setup.
- It recognizes security certificates for the PC and user, so you can easily lock down the connectivity to the specific users and/or machines you need for your environment.
- Unless the WIFI is extremely poor, the software can make the connection and allow your users to function on the VPN.
- The client logs are usually good enough to begin troubleshooting issues - for example if you aren't getting good enough WIFI for connections or the certificates have expired and so on. However I wish they had more robust logs available without installing their special tools from Cisco support.
- I wish it could prevent users from open[ing] applications while it was attempting to connect. It's usually super fast to make connections, but this is based on the WIFI to some degree. Occasionally, we have users open Outlook too fast and add-ins gets disabled. It's not really a problem with this software, but I do wish it had the ability to prevent apps from opening until the connection is made or fails.
- It's not an expensive software license if you already have the Cisco firewalls that offer the licensing. So choosing this was not a significant investment for our company.
- Our alternate remote connection method for now is Citrix XenApp, which everyone hates because it's slow and they don't have access to their local drives, printers, and so on. So it's made our users extremely happy after we set up AnyConnect for everyone.
- During the pandemic, if we had not used AnyConnect, many of our users would not have been able to work, causing significant losses for our company and perhaps some user jobs.
For our users, they login to their firm provided laptop/desktop at home, Cisco AnyConnect sees they are not on our IPs, so it autoconnects the VPN to the specified name on the computer certificate, verifies the user by the user security certificate installed, and simply connects. Typically on my home WIFI this all takes 1-3 seconds. Once the user is connected, it's like sitting at their desk in the office. It doesn't fail. If there's a problem, it's always been the location's WIFI or the user security certificate expired.
We use several of the security options Cisco offers for AnyConnect. We use both the computer and user based security certificates, which we feel is more secure than the multifactor authentication but it works with that as well (such as DUO, which we have used with this in the past). We have the machines autoconnect to the VPN if they aren't in our offices both for the ease of use for the user and for security reasons. In our opinion, if the VPN is connected, then our data has a security wrapper around it traveling over the internet instead of their home routers which we have little to no control over.
We have a Managed Services provider that helped us setup the AnyConnect with the security settings we wanted on the Firewall. Implementing the always on feature (autoconnect) was NOT obvious and we could not get it to work with the certificates at first. We placed a call with the support team, which were fabulous. They stayed on the phone with us testing until we got it all working the way we wanted. Their support is great, especially if you ask them to stay on until its solved.
We have Citrix Xenapp installed for remote connectivity as well as the Cisco AnyConnect. Since installing the AnyConnect, we have 2 out of 130 users that now use Citrix Xenapp for remote connectivity - everyone else prefers AnyConnect for speed of connection, less profile issues on Citrix, and access to their installed applications and their local C drive. Citrix Xenapp is now slated to be deprecated within the year at our business.
Do you think Cisco AnyConnect delivers good value for the price?
Are you happy with Cisco AnyConnect's feature set?
Did Cisco AnyConnect live up to sales and marketing promises?
Did implementation of Cisco AnyConnect go as expected?
Would you buy Cisco AnyConnect again?
We now install Cisco AnyConnect on all of our laptops for remote work users and all of desktops, which have WIFI adapters. During the pandemic, we were therefore able to send all of our workers home to work remotely, even if they had a desktop. All of our users find it easy to use, especially since we have it set to auto-connect. We have our colosite for DR setup with an alternate VPN so in the event that our live site is down and we failover, all our users have to do is to type in the alternate VPN to be up and running once IT completes the failover. This means a simple process for our users during a stressful DR situation.
Resilience and Reliability
Cisco AnyConnect is not only our chosen secure remote connectivity method, but it is also a large part of our Business Continuity plan. We have implemented AnyConnect in our production environment for remote connectivity. We have also implemented AnyConnect VPN access to our colo-site (DR site). If we have to fail-over to our DR site, the users simply have to 1) connect to WIFI and 2)type in the name of the DR VPN site we provide to connect. The resiliency built into this DR plan adds immense value as potential time savings to our business continuity plan. In the event of a DR situation, the time to get users up and connected to our DR site is significantly reduced with this configuration made possible by AnyConnect software.
We implemented Cisco AnyConnect as "always on", using machine and user security certificates, and enforce no split-tunneling. All of these together have added to our security posture. We are strongly considering also adding MFA for user machine logins, which adds yet another layer of security to physically accessing the user laptop before user login. We had MFA enforced on the AnyConnect at one point, but decided the security certificates (both machine and user) made more sense for our organization. The great thing is that AnyConnect offers security options for each organization to choose their setup methodology.
This is software is easy to use, easy to maintain, easy to support, cost effective, and extremely secure. We will continue to use it for all employees well into the future. We have already renewed our licenses for another 5 years - that's how confident we are that this software will remain a primary security solution for our firm.
Our Managed Services vendor helped us with the implementation. When we initially setup our AnyConnect using MFA for remote connectivity, the setup was easy and straight forward and worked just fine. After a year, we decided to change to an "always on" feature and use machine and user based security certificates instead of MFA. We had to open a ticket with Cisco support and have their assistance getting this feature to work. Turned out they had a small bug in the code for that version of AnyConnect and it has since been corrected. We have had no issues with the upgrades since that time. The deployment of the software to the user machines was done with SCCM and was straight forward. The user machine upgrades are easy - when the user machine connects and sees a new version available, it upgrades itself! What could be easier?
We have had zero issues with any software running through the AnyConnect remote connection.
- Originally AnyConnect was used for travel, so only a few users had it installed, but it became our number one method for remote connectivity for work at home during COVID19. We were able to get ALL users home to work within 2 days of HR deciding on the plan - which was time for the full user install and training!
- Some of our attorneys are now able to use the AnyConnect while in court to access documents on the fly when needed unexpectedly.
Using Cisco AnyConnect
130 - Everyone in our firm, about 130 users, connect using Cisco AnyConnect when working remotely (from home, travel, court). This includes our administrative staff (accounting, IT, HR), our legal staff (paralegals and legal assistant) and attorneys. This is our primary method of remote connectivity and our users all like it and find it extremely easy to use.
2 - Cisco AnyConnect was implemented by our Managed Services vendor on network equipment. The client side application was initially installed via SCCM to all user machines. We have done four or five upgrades and they have all been easy. We have 2 IT people that support the user side of this application, but honestly once it's installed and the user 5 minute training is done, we've not had any issues to support.
- Secure remote connectivity to on prem servers for users to access data
- Secure remote connectivity forcing GPOs, EDR, and other security services to run as required by our policies
- Secure remote connectivity to enforce upgrades (OS and application) while users work from home
Cisco AnyConnect Support
Problems get solved
Kept well informed
Immediate help available
Support cares about my success
We purchase the Cisco SmartNets for our all of our Cisco gear and software. The support we get makes the extra cost worth it. We renew the maintenance annually. This also keeps us keep track of EOS and EOL on the software and hardware and make sure we replace items in a timely manner to avoid security holes.
Yes - We reported an issue with AnyConnect on specific firmware version on the Cisco firewall when using the VPN "always on" and machine and user certificates. Cisco support helped us with a work around for about 2 months until they released a new firmware version for our ASA and we were able to upgrade and then implement the features we needed. Support was helpful and responsive and we felt like two months was timely since we did indeed have a work around.
We reported an issue with AnyConnect on specific firmware version on the Cisco firewall when using the VPN "always on" and machine and user certificates. Cisco support helped us with a work around for about 2 months until they released a new firmware version for our ASA and we were able to upgrade and then implement the features we needed. Support was helpful and responsive and we felt like two months was timely since we did indeed have a work around. During this time, one Friday during the final testing of the update, our support person's shift ended and she stayed over almost an hour to help transition our case to someone else to finishing helping us so we could complete the test and go live that weekend.
Using Cisco AnyConnect
Like to use
Easy to use
Technical support not required
Quick to learn
Feel confident using
- If you use the machine and user based security certificates with the always-on feature, there is zero user interaction required. The user connects to WIFI, then the software automatically connects with zero user interaction.
- If you use the MFA for the AnyConnect connection, once the VPN address is entered in software once and it successfully connects, it will remember it. For there the user just has to connect to WIFI, select the remembered VPN, enter their MFA code (or a push if setup). It's super easy.
Upgrading Cisco AnyConnect
Yes - So we've been through many upgrades of AnyConnect over the years, but we've done 3 since we implemented the secure certificates and always on features. They went pretty well. One of the 3 upgrades had a random issue with 20% of our laptops and we had to manually uninstall, delete the certificates, then install the new version. The last 2 upgrades we have done in the last year went flawlessly. We pushed via SCCM. The install actually uninstalled the old, installed the new and read the same security certificates. It can be set to download the upgrade and install from the firewall when the users try to connect (which we tested fine), but we decided to use SCCM while users were at the office and do the install just incase we had issues - but there were none. The upgrade was a requirement for new firmware on the firewall.
- We didn't really notice any changes in the AnyConnect itself. The upgrades are all for security pieces users do not see.
- More security - Cisco is always closing security vulnerabilities it finds.
- Confirmed support for Windows 11