FRAMINGHAM, 21 MARCH 2011 -
Cisco has been a leader in remote access VPNs since 1999, and its latest release, the AnyConnect Secure Mobility Solution, will make both end users and network managers very happy, despite a few rough parts.
The AnyConnect Secure Mobility Solution (part of Cisco's Borderless Networks initiative) consists of three seamlessly integrated products: the AnyConnect Secure Mobility Client 3.0, the ASA Adaptive Security Appliance (firewall/VPN) 8.4 and Cisco IronPort S-series Web security appliance 7.1.
Customers aren't required to buy all three products, but we found that you get better performance and better functionality if you do. In our testing, AnyConnect Secure Mobility Solution is all about managed end-point client software that's always active, protecting enterprise users and enforcing security policy no matter where they are, on a multitude of devices and platforms.
And enterprise network managers will be especially pleased with features such as optimal gateway selection (which automatically picks the best gateway for a user based on network characteristics), end-point posture assessment and better performance over more diverse types of networks.
It all starts with the VPN concentrator
The starting point for any remote access VPN discussion is Cisco's ASA 5500 series Adaptive Security Appliance, a combination VPN and firewall, with optional anti-malware and IPS capabilities.
Although older Cisco VPN clients can connect to non-VPN devices, such as PIX firewalls and IOS routers, connectivity with the new client is more limited. To get the benefit of the AnyConnect client's full feature set, you'll need an ASA appliance. IOS routers, including the 2851, 1951, 3800, and 3900, can also accept AnyConnect clients, but don't support the full feature set.
Your best bet, then, is to use an ASA appliance, which ranges from the ASA 5505 (10 to 25 users) up to the ASA 5585X (5,000 to 10,000 users).
All ASA appliances have SSL VPN features, including reverse proxying (gatewaying Web applications at the application layer) and application tunneling (using encrypted tunnels to expose single applications through the VPN device), although we didn't focus on those features during this test. We spent most of our testing looking at network extension, bringing remote devices onto the corporate LAN, and Cisco's approach to securing those remote devices — what is now the traditional remote access use case.
Next comes the client software