AnyConnect to connect simply
Updated September 08, 2022
AnyConnect to connect simply
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cisco AnyConnect
Cisco AnyConnect allows us to provide split-tunnel VPN connectivity to our remote end-points and allow those resources to access corporate IT facilities in a seamless manner. The authentication and authorization are controlled using our existing ADDS. Regular Internet traffic is sent using local internet gateway, while traffic destined for the VPN-connect network is redirected over the IPSec tunnel as authorized and to specific VLANs.
- Seamless integration with existing AD.
- Stable connection with low overhead for client.
- Client check and auto-update AnyConnect client software makes it easier to manage.
- Licensing costs can be a bit expensive.
- Requires Cisco subscription for updates to client software.
- Requires Cisco firewall.
- With enforced work from home, Cisco AnyConnect allowed us to work "normally".
- ROI is negative as the initial setup costs of the VPN gateway and the ongoing subscription costs can be quite prohibitive, compared to the benefits derived from seamless connectivity.
- Once set up correctly, the connection works seamlessly and stays connected as long as Internet connectivity is maintained.
- Errors on VPN gateway can negatively impact general browsing on the end-point.
Yes, very much. With the global pandemic, this need to connect to central IT resources was brought forced on us, as we worked from home. Fortunately, we were able to leverage our existing VPN connectivity to manage access for our workforce as well as allow them to continue working from home, with minimal disruption. Cisco AnyConnect has definitely served the purpose in this regard and delivered on a fast and easy way to connect to the corporate networks using standard home internet connectivity.
TeamViewer is fairly easy to use, but we found it to be more appropriate for remote access and support. We could not deploy centralized ADDS managed authentication and account access setup was fragmented. The UAC also prevented some support tasks and so this was not a seamless or consistent VPN alternative for us.
Do you think Cisco AnyConnect delivers good value for the price?
Yes
Are you happy with Cisco AnyConnect's feature set?
Yes
Did Cisco AnyConnect live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Cisco AnyConnect go as expected?
I wasn't involved with the implementation phase
Would you buy Cisco AnyConnect again?
Yes
Resilience and Reliability
Definitely resilience is a must in the current climate with the ability to work remotely a must and most organizations were able to or were forced to accommodate remote working early in the pandemic. Also a robust business continuity plan is of paramount importance, even cloud services can fail and it is important to be able to anticipate and respond to failures as and when they occur. With all manner of malware in the wild, including unknown zero day vulnerabilities, air-gapped backups, though an out dated model are still relevant in this context.
Provide funding and promote BCP across the organization, this includes all areas, not just to technical requirements. To be able to anticipate and thrive in an environment of data spread, it is important that regular training form the backbone of any response and as the first barrier to threat vectors.
- We have taken remote backups of executive computers
- Published group policy and WSUS to keep remote computers safe
Using Cisco AnyConnect
12 - Access to centralized file shares. Download group policy objects. Connect to SQL servers. Connect and download approved updates from on-premise Windows Software Update Server.
1 - Network engineers with certifications on Cisco firewall.
- Able to access centralized resources for remote workers
- Control and manage remote users computers
- Provide encrypted connections to access internet using remote internet gateway, when required.
- Backup of all remote user computers.
Evaluating Cisco AnyConnect and Competitors
- Price
- Product Features
- Prior Experience with the Product
As the existing network equipment was already all Cisco, it makes sense from a pricing perspective to continue using the same platform which lead us to Cisco AnyConnect for our remote work users.
I was not part of the evaluation and selection process. However, I do not think there would be any change to the deployment.
Cisco AnyConnect Implementation
- Implemented in-house
Change management was minimal
- Cost of the equipment
- Annual cost for SmartNet is quite high
Cisco AnyConnect Training
- no training
Yes, it was a simple thing to select the server to connect to and provide relevant SSO credentials.
Configuring Cisco AnyConnect
DDL certificates makes MITM attacks less likely, as well as preventing connections to unsafe servers.
No - there is no facility to customize the interface
No - we have not done any custom code
Cisco AnyConnect Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Support understands my problem Quick Initial Response | None |
Not sure of the support level, but there is smartnet support as that is required to get support on any tickets and also to access the latest version of the AnyConnect client software.
Trying to make Cisco AnyConnect work with Citrix presentation server over multiple vlans was a complicated setup. The support engineer helped to resolve and provided a workaround to make it work successfully.
Using Cisco AnyConnect
Pros | Cons |
---|---|
Like to use Relatively simple Easy to use Well integrated Consistent Convenient Feel confident using Familiar | None |
- Connection is seamless
- Connection works away in the background and is not intrusive at all
- Appropriate security warnings are flagged e.g. SSL certificate warnings if expired to prevent MITM attacks.
- Auto Connect functionality not present
Yes - flawlessly
Cisco AnyConnect Reliability
Integrating Cisco AnyConnect
- SQL Server Management Studio
- Remote printing
Since the Cisco AnyConnect client creates a virtual network adapter, all LAN traffic is routed to the correct Vlans, as configured. Applications can then connect to remote resources transparently. We have not noticed any issues with accessing a remote resource once the connection is successfully made and correct routes are defined on the profile.
- Single Signon
SSO with existing ADDS is easy to achieve.
Relationship with Cisco
Number of licenses.
None.
Upgrading Cisco AnyConnect
Yes - We had to upgrade from version 4.07 to 4.10.
- Able to use it on latest version of Windows
- Any security issues to be mitigated
- Sleeker interface