Cisco Cisco AnyConnect Secure Mobility Client v3.x Getting Started Guide
Major features are shown in Table 1.
Table 1. AnyConnect Secure Mobility Client Features
Feature
Description
Unified Endpoint
Compliance
The AnyConnect ISE Agent provides unified endpoint posture
and remediation for Cisco ISE across wired, wireless, and VPN
environments. It serves as the main source of endpoint posture
checking for OS levels, latest antivirus updates, and other resources
to strengthen endpoint security and compliance. In addition, the
Cisco Adaptive Security Appliance provides endpoint posture using
Cisco Hostscan with the Adaptive Security Appliance.
Highly Secure
Network Access
The AnyConnect Network Access Manager provides superior
connectivity features. Administrators can control which networks
or resources that endpoints can connect to. It provides an IEEE
802.1X supplicant that can be provisioned as part of authentication,
authorization, and accounting (AAA) capabilities along with some
unique encryption technologies such as MACsec IEEE 802.1AE.
Web Security
A built-in AnyConnect module implements web security either
through the on-premises Cisco Web Security Appliance or the
cloud-based Cisco Cloud Web Security offering. Combining
web security with VPN access, administrators can provide
comprehensive, highly secure mobility to all end users, which is vital
for bring-your-own-device (BYOD) deployments. Enterprises have a
choice of deployments to defend the network against web malware
and to control and safeguard web usage.
Network Visibility The AnyConnect Network Visibility Module on Windows and Mac
OS X platforms gives administrators the ability to monitor endpoint
application usage to uncover potential behavior anomalies and to
make more informed network design decisions. Usage data can be
shared with a growing number of Internet Protocol Flow Information
Export (IPFIX)-capable network analysis tools.
Off-Network
Protection
(DNS-Layer
(DNS-Layer
Security)
Cisco Umbrella Roaming is a cloud-delivered security service
that protects devices when they are off the corporate network.
Whether users turn off the VPN or forget to turn it on, Umbrella
Roaming enforces security at the DNS layer to protect against
malware, phishing, and command-and-control callbacks over any
port or protocol. Off-network protection has never been easier.
Simply upgrade your AnyConnect agents and activate the Umbrella
Roaming module for protection of devices off the corporate network.
Clientless
Access
The Cisco Adaptive Security Appliances provide SSL connectivity
through a variety of browsers across multiple platforms.
Administrators can provide clientless VPN access to unmanaged
endpoints and offer access to various web and TCP/IP-based
applications. Access is provided through a rewriter, plugins, or
smart tunnels using browser-embedded SSL technology while
implementing fine-grained access control and end-to-end security.
Virtual Desktop
Infrastructure
(VDI) Access
The Cisco ASAs can terminate a VDI session with a high degree of
security, and it delivers transparent access to virtualized applications
and desktops. Client and clientless access to virtual resources is
offered for mobile devices, laptops, and desktop devices. Virtual-
resource access powered by highly secure remote access is
vendor-agnostic and benefits from a single access policy defined
for virtual and traditional resources.
Mobile Device
Support
With the BYOD phenomenon, administrators need to support
end-user productivity by providing personal mobile devices with
remote access to the company network. AnyConnect services can
be deployed on the most popular devices used by today’s diverse
workforce. Highly secure remote access can either be device based
or driven transparently by select enterprise mobile applications with
per-application VPN. The new per-application VPN functionality
eliminates unapproved applications from accessing confidential
business resources, further reducing malware intrusion risks and
bandwidth costs for remote access.
At-A-Glance
At-a-Glance
Next Steps
For more information, visit the
following sites:
following sites:
• Licensing and ordering: The
covers
licensing for AnyConnect, clientless
SSL VPN, and third-party Internet
Key Exchange version 2 (IKEv2)
remote-access VPN usage.
SSL VPN, and third-party Internet
Key Exchange version 2 (IKEv2)
remote-access VPN usage.
• Cisco AnyConnect Secure Mobility
.
• Cisco ASA 5500-X Series:
.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of
Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/
go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
C45-578609-07 05/16