Cisco® AnyConnect VPN Client provides remote users with full network access to virtually any corporate application. It automatically adapts its tunneling protocol to the most efficient method based on network constraints. Cisco AnyConnect VPN Client is the first VPN product to use the Datagram Transport Layer Security (DTLS) protocol to provide an optimized connection for latency-sensitive traffic, such as voice over IP (VoIP) traffic or TCP-based application access.
Features and Benefits
Table 1 lists the features and benefits of Cisco AnyConnect VPN Client.
Table 1. Features and Benefits
Feature
Benefit
Optimized Network Access
• Automatically adapts its tunneling to the most efficient method possible based on network constraints.
• Uses DTLS to provide an optimized connection for latency-sensitive traffic, such as VoIP traffic or TCP-based application access.
• Uses HTTP over SSL to ensure availability of network connectivity through locked-down environments, including those using Web proxy servers.
Mobility Friendly
• Designed for mobile users.
• Can be configured so that the VPN connection remains established during IP address changes, loss of connectivity, and/or hibernation or standby.
• Trusted Network detection enables the VPN connection to automatically disconnect when an end user is in the office and connect when a user is at a remote location.
Encryption
• Supports strong encryption, including AES-256 and 3DES-168. (The headend device must have a strong-crypto license enabled.)
Broad Operating System Support
• Windows XP 32-bit (x86) and 64-bit (x64)
• Windows Vista 32-bit (x86) and 64-bit (x64), including Service Pack 1 and 2 (SP1/SP2)
• Windows 7 32-bit (x86) and 64-bit (x64)
• Mac OS X 10.5 and 10.6.x
• Linux Intel (2.6.x kernel)
• Windows 2000 & Mac OS X 10.4 are no longer validated / supported as of AnyConnect 2.4.
Cisco AnyConnect Mobile (requires optional AnyConnect Mobile license)
• Windows Mobile 5.0, 6.0, and 6.1 (Professional and Classic)
Wide Range of Deployment and Connection Options
Deployment options:
• Pre-deployment, including Microsoft Installer
• Automatic headend deployment (administrative rights are required for initial installation) via ActiveX (Windows only) and Java
Connection modes:
• Standalone via system icon
• Browser-initiated (Weblaunch)
• Clientless portal initiated
• Command-line interface (CLI) initiated
• API initiated
Wide Range of Authentication Options
• RADIUS
• RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
• RADIUS one-time password (OTP) support (state/reply message attributes)
• RSA SecurID (including SoftID integration)
• Active Directory/Kerberos
• Embedded Certificate Authority (CA)
• Digital Certificate/Smartcard (including Machine Certificate support) - auto or user selected
• Lightweight Directory Access Protocol (LDAP) with Password Expiry and Aging
• Generic LDAP support
• Combined certificate and username/password multifactor authentication (double authentication)
Ease of Client Administration
• Allows an administrator to automatically distribute software and policy updates from the headend security appliance, thereby eliminating administration associated with VPN client software updates.
• Administrators can determine which capabilities to make available for end user configuration.
• Administrators can trigger an endpoint script at connect/disconnect time when domain login scripts cannot be utilized.
Consistent User Experience
• Full tunnel client mode supports remote-access users requiring a consistent LAN-like user experience.
• Multiple delivery methods and small download size help ensure broad compatibility and rapid download of the Cisco AnyConnect VPN Client.
• In conjunction with Cisco Secure Desktop, host integrity verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access.
• Administrators also have the option of defining custom posture checks based on the presence of running processes.
• Cisco Secure Desktop can detect the presence of a watermark on a remote system. The watermark can be used to identify assets that are corporate-owned and provide differentiated access as a result. The watermark checking capability includes system registry values, file existence matching a required CRC32 checksum, IP address range matching, and certificate issued by/to matching.
• An advanced endpoint assessment option is available to automate the process of repairing out-of-compliance applications.
Advanced IP Network Connectivity
• Access to internal IPv4 and IPv6 network resources
• Centralized split tunneling control for optimized network access
IP address assignment mechanisms:
• Static
• Internal pool
• Dynamic Host Configuration Protocol (DHCP)
• RADIUS/LDAP
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org).
Any Cisco SMARTnet customer may download the latest Cisco AnyConnect VPN Client software from Cisco.com, but a headend license is required in order to support more than two simultaneous connections. Please refer to the AnyConnect Licensing Options section above for additional information on the available options.
For a list of available licensing options that enable connectivity with AnyConnect, please refer to the Cisco Secure Remote Access: VPN Licensing Overview.