
Cisco ASA 5500 Series Adaptive Security Appliances

Cisco AnyConnect VPN Client

Product Overview

Cisco AnyConnect Secure Mobility client raises the game in remote access technology by making the VPN experience more seamless and more secure than ever. Cisco's Secure Mobility client builds on prior AnyConnect VPN offerings to improve the always-on VPN experience across a broader set of PC- and smartphone-based mobile devices. As mobile workers roam to different locations, with always-on and intelligent VPN, the client can automatically select the most optimal network access point and adapt its tunneling protocol to the most efficient method. Cisco AnyConnect is the first VPN solution to use the Datagram Transport Layer Security (DTLS) protocol to provide an optimized connection for latency-sensitive traffic, such as voice over IP (VoIP) traffic or TCP-based application access.
In addition to industry-leading VPN capabilities, the AnyConnect Secure Mobility client can enable built-in web security and malware threat defense as part of Cisco AnyConnect Secure Mobility. Enterprises now have a choice in supplementing employee access to corporate resources from advanced mobile devices and locations with consistent, context-aware security policy.

Features and Benefits

Table 1 lists the features and benefits of Cisco AnyConnect.

Table 1. Features and Benefits

Feature

Benefit

Optimal Gateway Selection

• Determines and establishes connectivity to the most optimal network access point. (New in AnyConnect 2.5)
• Automatically adapts its tunneling to the most efficient method possible based on network constraints.
• Uses DTLS to provide an optimized connection for latency-sensitive traffic, such as VoIP traffic or TCP-based application access.
• Uses TLS (HTTP over TLS/SSL) to ensure availability of network connectivity through locked-down environments, including those using Web proxy servers.

Cisco AnyConnect Secure Mobility

(Premium or Cisco IronPort Web Security Appliance Secure Mobility license required)

New in AnyConnect 2.5
• Enforces security policy on every transaction independent of where the user is located, whether the target is an enterprise-owned ("in-house") application or a SaaS application.
• Requires always-on secure network connectivity, with a policy to permit or deny network connectivity if VPN access is unavailable.
• Hotspot / Captive Portal Detection.
• Optimized for use with the Cisco IronPort Web Security Appliance.

Mobility Friendly

• Designed for mobile users.
• Can be configured so that the VPN connection remains established during IP address changes, loss of connectivity, and/or hibernation or standby.
• Trusted Network detection enables the VPN connection to automatically disconnect when an end user is in the office and connect when a user is at a remote location.

Encryption

• Supports strong encryption, including AES-256 and 3DES-168. (The head-end device must have a strong-crypto license enabled.)

Broad Operating System Support

• Windows XP 32-bit (x86) and 64-bit (x64)
• Windows Vista 32-bit (x86) and 64-bit (x64), including Service Pack 1 and 2 (SP1/SP2)
• Windows 7 32-bit (x86) and 64-bit (x64)
• Mac OS X 10.5 and 10.6.x
• Linux Intel (2.6.x kernel)
• Windows 2000 and Mac OS X 10.4 are no longer validated or supported as of AnyConnect 2.4.
• Cisco AnyConnect Mobile (requires optional AnyConnect Mobile license)
• Windows Mobile 5.0, 6.0, and 6.1 (Professional and Classic)

Wide Range of Deployment and Connection Options

Deployment options:

• Pre-deployment, including Microsoft Installer
• Automatic head-end deployment (administrative rights are required for initial installation) via ActiveX (Windows only) and Java

Connection modes:

• Standalone via system icon
• Browser-initiated (Weblaunch)
• Clientless portal initiated
• Command-line interface (CLI) initiated
• API initiated

Wide Range of Authentication Options

• RADIUS
• RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
• RADIUS one-time password (OTP) support (state/reply message attributes)
• RSA SecurID (including SoftID integration)
• Active Directory/Kerberos
• Embedded Certificate Authority (CA)
• Digital Certificate/Smartcard (including Machine Certificate support) - auto or user selected
• Lightweight Directory Access Protocol (LDAP) with Password Expiry and Aging
• Generic LDAP support
• Combined certificate and username/password multifactor authentication (double authentication)

Ease of Client Administration

• Allows an administrator to automatically distribute software and policy updates from the head-end security appliance, thereby eliminating administration associated with client software updates.
• Administrators can determine which capabilities to make available for end user configuration.
• Administrators can trigger an endpoint script at connect/disconnect time when domain login scripts cannot be utilized.
• Administrators can fully customize and/or localize end-user visible messages.

Consistent User Experience

• Full tunnel client mode supports remote-access users requiring a consistent LAN-like user experience.
• Multiple delivery methods and small download size help ensure broad compatibility and rapid download of Cisco AnyConnect.

Pre-connection Posture Assessment

(Premium license required)

• In conjunction with Cisco Secure Desktop, Host Scan verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access.
• Administrators also have the option of defining custom posture checks based on the presence of running processes.
• Cisco Secure Desktop can detect the presence of a watermark on a remote system. The watermark can be used to identify assets that are corporate-owned and provide differentiated access as a result. The watermark checking capability includes system registry values, file existence matching a required CRC32 checksum, IP address range matching, and certificate issued by/to matching.
• An advanced endpoint assessment option is available to automate the process of repairing out-of-compliance applications.

Advanced IP Network Connectivity

• Access to internal IPv4 and IPv6 network resources
• Centralized split tunneling control for optimized network access

IP address assignment mechanisms:

• Static
• Internal pool
• Dynamic Host Configuration Protocol (DHCP)
• RADIUS/LDAP

Client Firewall Policy

New in AnyConnect 2.5
• Added protection for Split Tunneling configurations.
• Used in conjunction with Cisco Secure Mobility to allow for local access exceptions (for example, printing and tethered device support).
• Supports port-based rules for IPv4 and network/IP Access Control Lists (ACLs) for IPv6.
• Available for Windows XP SP2, Vista, Windows 7 & Mac OS X

AnyConnect Profile Editor

New in AnyConnect 2.5 & Adaptive Security Appliance 8.3
• AnyConnect policies may be customized directly from Cisco ASDM (Adaptive Security Device Manager).

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org).

Platform Compatibility

The Cisco AnyConnect VPN Client is compatible with all Cisco ASA 5500 Security Appliance models (running Cisco ASA Software Release 8.0.3 and later) and various Cisco IOS® Software-based routers.
The Cisco AnyConnect VPN Client is not compatible with Cisco PIX® security appliances or Cisco VPN 3000 Series concentrators.
Additional compatibility information may be found at: http://www.cisco.com/en/US/docs/security/asa/compatibility/vpn-platforms-82.html.

Cisco AnyConnect Secure Mobility Client Licensing Options

Table 2 lists licensing options for the Cisco AnyConnect Secure Mobility Client.

Table 2. Cisco AnyConnect Secure Mobility Client Licensing Options

License Option

Description

Platform Licenses

AnyConnect Essentials

• Highly secure remote-access connectivity.
• Single license per device model.
• Full Tunneling access to Enterprise applications.

AnyConnect Premium

• Includes clientless SSL VPN, Cisco Secure Desktop capabilities (including Host Scan) and support for Cisco AnyConnect Secure Mobility. Optionally provides Full Tunneling access to Enterprise applications.
• License is based on number of simultaneous users, and is available as a single device or shared license.
• Cisco AnyConnect Secure Mobility also requires a Cisco IronPort Web Security Appliance license.

Optional Feature Licenses

AnyConnect Mobile

• Enables Mobile OS platform compatibility.
• Required per-device, in addition to Essentials or Premium licenses.

Advanced Endpoint Assessment

• Enables advanced endpoint assessment capabilities (such as auto-remediation).
• Required per device, in addition to Premium licenses (not available with AnyConnect Essentials).

Cisco Secure Mobility

New in AnyConnect 2.3 and Adaptive Security Appliance 8.3
• Enforce security policy into every transaction independent of where the user is located.
• For use with Cisco IronPort Web Security Appliance license and optional AnyConnect Premium license or standalone with AnyConnect Premium license.

FIPS 140-2 Level 1 Compliance

• ASA license that allows use of a FIPS-compliant version of AnyConnect.

Electronic License Delivery

Most licenses are available for electronic delivery, which significantly speeds up license fulfillment time. To order a license electronically, be sure to order part numbers that begin with "L-".

Warranty Information

Find warranty information at the Cisco Product Warranties page.

Ordering Information

To place an order, visit the Cisco Ordering Home Page. To download software, visit the Cisco Software Center (a Cisco SMARTnet® contract is required).
Any Cisco SMARTnet customer may download the latest Cisco AnyConnect client software from Cisco.com, but a head-end license is required in order to support more than two simultaneous connections. Please refer to the Cisco AnyConnect Secure Mobility Client Licensing Options section above for additional information on the available options.
For a list of available licensing options that enable connectivity with AnyConnect, please refer to the Cisco Secure Remote Access: VPN Licensing Overview.

For More Information

Cisco AnyConnect Secure Mobility Client documentation: http://www.cisco.com/en/US/products/ps8411/tsd_products_support_series_home.html
Cisco ASA 5500 Series Adaptive Security Appliances: http://www.cisco.com/go/asa
Cisco ASA 5500 Series Adaptive Security Appliance Licensing Information: http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html