Table Of Contents
Cisco FIPS-Compliant VPN Clients
Cisco provides an end-to-end remote access security solution for our customers that require FIPS compliance. Our FIPS-compliant VPN clients and the FIPS-certified ASA 5500 Series Adaptive Security Appliance allow organizations to establish end-to-end, encrypted VPN tunnels for secure connectivity for mobile employees and telecommuters.
The FIPS-compliant Cisco VPN client is available in a separate FIPS-compliant release. FIPS-compliance for the AnyConnect VPN client is a feature enabled in the local policy, and does not require a different release of the AnyConnect client.
Both FIPS-compliant clients are licensed and available from your Cisco representative. This document provides general information about these products and contains the following sections:
Information about FIPS
Cisco FIPS-compliant VPN clients comply with Level 1 of the Federal Information Processing Standard (FIPS) 140-2, a U.S. government standard for specific security requirements for cryptographic modules. The FIPS 140-2 standard applies to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems.
The National Institute of Standards and Technology (NIST) authorizes independent, accredited Cryptographic Module Testing (CMT) laboratories to test and validate cryptographic modules against FIPS. A letter from the CMT laboratory that tested the Cisco FIPS-compliant VPN client is available from your Cisco representative at your request.
New Features for the FIPS-Compliant VPN Client (IPsec)
The FIPS-compliant VPN client (IPsec) is a separate release of the client. The following are some of the new features added since the last release of the FIPS-compliant VPN client, Release 3.6.3:
•A redesigned user interface for greater usability.
•Windows Vista support.
•Windows Vista Smartcard support.
•A new virtual adapter improves performance of application requiring the client IP address, such as Netmeeting and VoIP applications.
•Includes the latest fixes to customer-found defects and addresses most past vulnerabilities (PSIRTs).
Licensing Requirements for the FIPS-Compliant VPN Client
The Cisco FIPS-compliant VPN clients are licensed based on the ASA 5500 Series Adaptive Security Appliance model. Each security appliance model requires a different license. The license does not affect the number of allowed concurrent VPN sessions.
The following table shows the Product numbers (also called SKUs) of the licenses for each security appliance model:
Note Each new security appliance model purchased after August 31st, 2009 requires a FIPS-compliant VPN client license. Cisco customers with current SMARTnet contracts who purchased an ASA 5500 Series Adaptive Security Appliance before August 31st, 2009 are not required to purchase a license for these specific appliances and may contact the Cisco federal account team for information on upgrade rights for the FIPS-compliant VPN client.
Where to go for Additional information
For more information about Cisco FIPS-compliant VPN clients, see the following documents:
Release Notes for Cisco VPN Client, FIPS-Compliant Release 5.0.5-FIPS:
Release Notes for Cisco VPN Client, Release 5.0.00 and Release 5.0.01: