Cisco AnyConnect, You know it will work
Overall Satisfaction with Cisco AnyConnect
We use Cisco Duo for MFA while connecting into the VPN to ensure that our logins are authenticated against a second factor and to limit where in the world our logins are allowed from. We also plan on rolling out the ability to force our users to use Cisco Duo to log in to their terminal servers and, eventually, local laptops. This will ensure that our login processes are known to be valid without our IT Team having to jump through hoops and pull some crazy MAC address or IP address filtering process with constant updates due to private non-commercial Internet Service Providers giving our users non-static IPs.
Pros
- Multi Factor Authentication
- Integration with Cisco ASA Firewalls
- Integration with Cisco AnyConnect VPN
- Easy Enrollment Processes for Users
Cons
- Manual Administrative Config: The Enrollment requires the user to enroll from their end and can't just be "Setup" for the user unless you act as the user. For things like SMS text, it would be nice just to put it in place and have it work without a "Setup/Enrollment" process. This does, however, ensure the user understands the process.
- Active Directory Sync and Azure Sync did not automatically match up accounts and duplicate, so I had to do it manually. To be fair, the account usernames do not match the Email Address which is used for Azure, so it would be difficult.
- Duo Support and Cisco Support seem to have not been integrated with each other well; most support tickets end up with a Duo expert and a Cisco Firewall Expert on at the same time, though this has improved dramatically.
- They did not force my Admin to use an NTP Server off the bat, which would have fixed a few issues we had that persisted for a while until he started using one. (A bit old-fashioned)
- During Covid, we had everything set up to completely handle the new WFH environments, resulting in minimal issues during the transition.
- Since all of our users have laptops they are able to use unoccupied offices to connect to docks, then connect to the Cisco AnyConnect VPN, and Work Anywhere.
- Cisco AnyConnect allows our users to be more flexible in their hours when appropriate since they can remote into the office at night to do maintenance and run server-intensive reports and batch mods when nobody is accessing the system.
- Cisco AnyConnect allows us to have a new 100% WFH type of employee accommodating the new world we find ourselves in and expanding our hiring potential beyond our physical office locations.
We have benefitted because when a user uses Cisco AnyConnect a secure tunnel is created. We even have set it up so that when they connect to the Cisco AnyConnect, the local LAN at the user's location is disabled so we don't have any devices piggybacking off of the user laptops to get into our systems and do anything malicious. Combined with how stable it is and how easy it is to use (even for non-technical people) once it is set up, we have benefitted greatly from the increased usability of our systems.
While other VPN products functionally work, we kept Cisco AnyConnect due to its stability and our ability to control how our users use it. Since we have a Cisco Network it was an obvious choice that we stand behind. While we have other options as backup the primary VPN will pretty much always be Cisco AnyConnect.
Do you think Cisco AnyConnect delivers good value for the price?
Yes
Are you happy with Cisco AnyConnect's feature set?
Yes
Did Cisco AnyConnect live up to sales and marketing promises?
Yes
Did implementation of Cisco AnyConnect go as expected?
Yes
Would you buy Cisco AnyConnect again?
Yes
Resilience and Reliability
With the combination of an MFA factor, you can resist the most common type of credential leak by ensuring your users are locked down to a specific device/location via policy. Cisco AnyConnect offers resistance by making the tunnel between your employee and your network secure; you can then go ahead and use an ISE, Duo or Okta to confirm the identity of your user before connection.
Ensure that you are using software that is updated by the organization that developed it. One that doesn't have frequent vulnerabilities and is easy to maintain. Ensure that you train your employees on the use of secure programs. Take care of the end and ensure you are doing your updates for all of your tools. Finally, choose Cisco for your networking because they check off all the boxes.