Designed by one of the most experienced names in online security, the Cisco AnyConnect Secure Mobility Client sets out to provide a simple way for businesses to facilitate secure remote working. San Jose-based Cisco has been developing VPNs since the 1990s, and AnyConnect builds on a long, successful heritage.
Capable of integrating both personal devices and corporate laptops under one umbrella, it could be the ideal way to put managers’ minds at rest when seeking flexible working arrangements. But let’s dig deeper to see whether the tech giant’s claims match up to reality.
As with any Virtual Private Network, Cisco’s VPN client needs to be assessed on its security merits above anything else. So how does AnyConnect fare on this terrain? Here are the package’s core security features to get us started:
- Secure VPN connections via SSL, IPSec, and IKEv2 protocols.
- Additional security “modules”, including the Cisco Identity Services Engine (ISE), which guards against unauthorized access, and Cisco Cloud Web Security.
- Includes multi-factor authentication as a core feature.
- Full network visibility for managers via the Network Visibility Module (NVM), which focuses on all relevant endpoints.
- Encryption includes AES-256 and 3DES-168, as well as numerous next-generation encryption ciphers.
This adds up to a formidable array of security features, and ticks most of the boxes we would hope to find in an elite business-oriented security package. The use of AES-256 encryption as a baseline is particularly appealing, with more complex encryption tools available if required.
The choice of protocols offers flexibility and reliable tunneling protection. Users can toggle between IKEv2, IPSec, and SSL, changing their setup to suit their range of devices or the software they use.
Similarly, with high-grade encryption and tunneling protocols on board, AnyConnect also delivers reliable IP address anonymization, especially when using unsecured public Wi-Fi networks (which, after all, is one of the major purposes of the software). So businesses should be able to allow remote working without too many security anxieties.
Because we’re talking about Cisco, a lot of the security features involved are also bundled up with additional “modules,” like NVM and ISE. These can be added to VPN packages as required, and provide capabilities like malware protection, authentication, and in-depth real-time analysis. As far as authentication goes, 2FA is built in, and methods range from standard RADIUS through to RSA SecurID and SmartCard support.
When you combine these features with the core VPN provided with the Cisco VPN client, Windows 10 and Mac users can be confident that most security bases have been covered. Basically, this is what we would hope for from a Cisco VPN, and there’s not too much to worry about here.
For starters, it’s worth bearing in mind that Cisco is based in San Jose, which means that it may be worth adjusting your purchasing decision if your priority is to remain hidden from the authorities. US-based VPNs tend to prioritize reliability, speed, and support over privacy – and that’s what we find when we peer into the AnyConnect Privacy Statement. This explains that Cisco collects:
- Information from all customer service interactions via the AnyConnect Customer Experience module.
- The number of devices connected via AnyConnect.
- Average log-in times and data usage statistics.
- Crash Dump Information, which may be automatically sent to Cisco engineers.
- IP address information, which is collected when users connect.
- Browsing history, which may be collected regarding a specific “web threat” such as spam or malware.
- Aggregated data, which may also be shared with third parties.
Some of those features can be turned off by network managers, but even then, Cisco collects quite a lot of information about the user. The statement clearly explains that personally identifiable information is not collected, but a huge amount of data related to users is logged, which naturally raises privacy concerns.
Fundamentally, Cisco AnyConnect isn’t a VPN for hardcore privacy fans. It’s a mainstream business tool from a giant corporation, which behaves as you’d expect – gathering data, using it to refine its products, cooperating with third parties and – potentially – handing it over to the authorities.
Features, installation, and deployment
Cisco AnyConnect supports the following platforms:
- Android (4.0 and above)
- iOS (version 10.3 and later)
- Blackberry (OS 10.3.2 and later)
- Windows 10 Mobile (doesn’t work with Windows Phone 8.1)
- Windows 7 and above
- Mac (OS X 10.8 and later)
All of the clients have the same functionality, although they won’t necessarily be able to hook up with other Cisco modules, such as ISE. However, most small and medium-sized enterprises will find that a central node running ISE and NVM will offer a simple way to add as many secondary devices as needed. The Lock Down feature also makes it easy to minimize the autonomy of individual users, while retaining core security features.
All users need in order to connect to the VPN is a copy of the client, which can be downloaded for free from Cisco. They can then use any standard license to establish the VPN – a really simple, effective medium-scale solution.
The VPN offers support for 30 separate languages, making international working much easier. User numbers are effectively unlimited with Cisco AnyConnect Mac and Windows implementations. P2P-based systems can be accommodated via the web config app (but torrenting is a no-go), and there’s a handy Chrome add-on as well.
However, it’s not all rosy. You can’t install AnyConnect from USB sticks, which may annoy some managers. And while the installer can be customized to amend privacy settings and user experience, managers will have to take extra care with each setting they choose. Disabling modules to maximize privacy is a one-by-one process, and can be a time-consuming exercise. Then again, auto-updating is another core feature, which saves time on auditing security versions, and it can be switched off as desired.
The client itself runs well, with a simple user interface and a complex back end which provides visibility and control. And, as we’ve already mentioned, the authentication and encryption features are tight – allowing businesses to closely monitor access to their systems. So overall, as far as usability is concerned, we’d recommend AnyConnect as a lightweight but flexible VPN.
Plans and pricing
When customers set up an AnyConnect VPN system, they will need to purchase a license to connect their workforce. There are a couple of “tiers” for customers to think about here:
AnyConnect Plus – Includes the VPN and basic authentication of all connected devices, per-application access, as well as access to other Cisco modules (but not all of them).
AnyConnect Apex – Ups the ante where endpoint checks and authentication are concerned, includes the ISE module as part of the license, plus VPN access for remote workers without the need to download a client.
License fees vary depending on the tier and the number of users expected on the network, as well as the length of the contract (ranging from 1 year to “perpetual”). For instance, the basic 1-user AnyConnect Plus package lasting 1 year retails for $3.99, while Apex costs $6.99.
This opens up a galaxy of different price points, which is great for companies that want the ability to expand their user numbers. As you can see from the basic AnyConnect Plus price, rates aren’t too expensive, at least at lower tiers and user numbers. But as user numbers and contract terms grow, so does the price. At the high end, the cost of AnyConnect can actually become very high indeed.
Also on the debit side, Cisco doesn’t offer free trials, and there’s no money-back guarantee. Instead, users can refer to the general AnyConnect End User License Agreement, which gives users 180 days to report defects. So there’s no scope to change your mind with AnyConnect. Plan well before purchasing, as extracting refunds could be tricky.
Finally, how does Cisco AnyConnect actually fare on the speed front? Admittedly, it’s not designed with Netflix streaming, P2P downloading, or gaming in mind, so the speed isn’t exactly the number one priority.
The good news is that Cisco’s technical support tends to resolve speed issues with impressive regularity, restoring speed to a workable level. So if you are willing to work with the support team, and have a decent level of technical knowledge, performance may not be an issue.
We’ve already mentioned Cisco’s customer support as a strong point of AnyConnect, and it’s worth stressing this. When you purchase VPN assistance from Cisco, you will benefit massively from being part of the Cisco community. This delivers the following support options:
- In-depth personal support via the Cisco Community forums
- 24/7 telephone support for all users
- Online chat support during local business hours
- Contact via email forms on the Cisco site
Response times are universally prompt, and feedback is useful. As with all tech companies, it may take a while to adjust the depth of feedback to suit entry-level and experienced users, but 99% of the time, Cisco support staff will be available to field your questions. That’s definitely not something you can say for most VPNs.
If you intend to set up a small business VPN and know that you’ll require a degree of assistance at every stage, Cisco is a good partner to choose. The combination of detailed documentation, forum discussions, and in-person support puts it well ahead of most competitors.
Pros
- Very strong encryption and choice of protocols
- Easy-to-set-up networks incorporating mobile phones and laptops
- Flexible permissions and endpoint protection via ISE
- Payment plans can be scaled up with ease
- Excellent support services
Cons
- US jurisdiction and concerns about information sharing
- Potentially very slow speeds
- No money-back guarantee or free trial
Cisco is one of the biggest names in internet security, and AnyConnect is its flagship VPN package. Offering very solid encryption, leak protection, and protocols, AnyConnect caters for multiple platforms, offers flexible network architecture, and scales up as companies grow. But privacy concerns and sluggish speeds mean that it’s not the perfect option by any means.