Cisco sets the bar for mobile security

Combination of always-on client, VPN/firewall and Web security gateway provides secure access for mobile end users.

By , Network World
March 21, 2011 12:07 AM ET

Network World - Cisco has been a leader in remote access VPNs since 1999, and its latest release, the AnyConnect Secure Mobility Solution, will make both end users and network managers very happy, despite a few rough parts.

The AnyConnect Secure Mobility Solution (part of Cisco's Borderless Networks initiative) consists of three seamlessly integrated products: the AnyConnect Secure Mobility Client 3.0, the ASA Adaptive Security Appliance (firewall/VPN) 8.4 and Cisco IronPort S-series Web security appliance 7.1.

Customers aren't required to buy all three products, but we found that you get better performance and better functionality if you do. In our testing, AnyConnect Secure Mobility Solution is all about managed end-point client software that's always active, protecting enterprise users and enforcing security policy no matter where they are, on a multitude of devices and platforms.

And enterprise network managers will be especially pleased with features such as optimal gateway selection (which automatically picks the best gateway for a user based on network characteristics), end-point posture assessment and better performance over more diverse types of networks.

It all starts with the VPN concentrator

The starting point for any remote access VPN discussion is Cisco's ASA 5500 series Adaptive Security Appliance, a combination VPN and firewall, with optional anti-malware and IPS capabilities.

Although older Cisco VPN clients can connect to non-VPN devices, such as PIX firewalls and IOS routers, connectivity with the new client is more limited. To get the benefit of the AnyConnect client's full feature set, you'll need an ASA appliance. IOS routers, including the 2851, 1951, 3800, and 3900, can also accept AnyConnect clients, but don't support the full feature set.

Your best bet, then, is to use an ASA appliance, which ranges from the ASA 5505 (10 to 25 users) up to the ASA 5585X (5,000 to 10,000 users).

All ASA appliances have SSL VPN features, including reverse proxying (gatewaying Web applications at the application layer) and application tunneling (using encrypted tunnels to expose single applications through the VPN device), although we didn't focus on those features during this test. We spent most of our testing looking at network extension, bringing remote devices onto the corporate LAN, and Cisco's approach to securing those remote devices — what is now the traditional remote access use case. (Read Proxy configurations: The lesser of two evils.)

Next comes the client software

The next key component of a Cisco remote access solution is its new AnyConnect Secure Mobility client. The AnyConnect client has the basic feature set that one would expect in a mature product: end-point security detection and control, simplified deployment and policy downloading directly from the VPN gateway, wide-ranging user authentication options, and remote user policy enforcement features.

Cisco offers the AnyConnect client as an installed package available for all Windows versions back to XP, Mac OS X 10.5 and 10.6, Intel-based Linux distributions with the 2.6 kernel, Apple iOS 4 (the iPhone and iPad operating system), and Windows Mobile versions 5 and 6.
