Cisco ASA 5525-X ASA5525VPN-PM500K9 User Manual
Product codes
ASA5525VPN-PM500K9
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
At-A-Glance
The Cisco® AnyConnect Secure Mobility solution is powered by the industry’s
leading firewall: the Cisco ASA 5500 Series Adaptive Security Appliance. It offers a
comprehensive suite of VPN access features along with powerful security features. It
allows administrators to provision remote access through appropriate security policies
for a variety of endpoints — from Mac or Windows environments to the latest iPad/
iPhones and Android devices — using multiple access methods, such as the user-
acclaimed Cisco AnyConnect® Secure Mobility Client or the Cisco clientless portal for
any web browser (Figure 1).
leading firewall: the Cisco ASA 5500 Series Adaptive Security Appliance. It offers a
comprehensive suite of VPN access features along with powerful security features. It
allows administrators to provision remote access through appropriate security policies
for a variety of endpoints — from Mac or Windows environments to the latest iPad/
iPhones and Android devices — using multiple access methods, such as the user-
acclaimed Cisco AnyConnect® Secure Mobility Client or the Cisco clientless portal for
any web browser (Figure 1).
Cisco AnyConnect Secure Mobility
solution provides:
• Context-aware, comprehensive, and
preemptive security policy enforcement
• Intelligent, seamless, and always-on
connectivity experience
• Secure mobility across today’s
proliferating managed and unmanaged
mobile devices
solution provides:
• Context-aware, comprehensive, and
preemptive security policy enforcement
• Intelligent, seamless, and always-on
connectivity experience
• Secure mobility across today’s
proliferating managed and unmanaged
mobile devices
Cisco AnyConnect
Secure Mobility Solution
Components
Cisco AnyConnect Secure Mobility
Client: The industry’s leading client is a
multi-faceted endpoint software product
that not only provides VPN access
through Secure Sockets Layer (SSL)
(including Transport Layer Security (TLS)
Client: The industry’s leading client is a
multi-faceted endpoint software product
that not only provides VPN access
through Secure Sockets Layer (SSL)
(including Transport Layer Security (TLS)
and Datagram Transport Layer Security [DTLS]) or IPsec Internet Key Exchange (IKEv2)
protocols, but also offers enhanced security through various built-in modules, such as the
Cisco Network Access Manager, the Cisco HostScan package, and Cisco AnyConnect
Web Security module. The Cisco AnyConnect Client is available across the broadest set of
platforms, such as Windows, Mac OS X, Linux, iOS, Android, and more.
Cisco Network Access Manager: Provides superior connectivity features by giving
administrators the ability to control which networks or resources endpoints are able
to connect to. It provides an 802.1X supplicant that can be provisioned as part of
authentication, authorization, and accounting (AAA) capabilities along with some unique
encryption technologies such as MACsec IEEE 802.1AE.
protocols, but also offers enhanced security through various built-in modules, such as the
Cisco Network Access Manager, the Cisco HostScan package, and Cisco AnyConnect
Web Security module. The Cisco AnyConnect Client is available across the broadest set of
platforms, such as Windows, Mac OS X, Linux, iOS, Android, and more.
Cisco Network Access Manager: Provides superior connectivity features by giving
administrators the ability to control which networks or resources endpoints are able
to connect to. It provides an 802.1X supplicant that can be provisioned as part of
authentication, authorization, and accounting (AAA) capabilities along with some unique
encryption technologies such as MACsec IEEE 802.1AE.
Cisco Web Security: Cisco AnyConnect has a built-in module that enables web security
either through the on-premises Cisco Web Security Appliance (WSA) or the cloud-based
Cisco Cloud Web Security offering. Combining web security with VPN, administrators
can provide comprehensive secure mobility to all end users, which is important for BYOD
deployments.
Persistent security and policy enforcement: Enterprises have a choice to deploy a
premises-based Cisco Web Security Appliance or use the software-as-a-service
(SaaS) Cisco Cloud Web Security offering to keep malware off their corporate networks
and control and secure their employees’ web usage. The extensibility of the Cisco
AnyConnect Secure Mobility Client supports both cloud-based and premises-based
web security solutions, providing flexibility to help ensure a safe and productive Internet
environment. Context-aware security policy, including enforcing acceptable use and
protection from malware, is available for all users.
Clientless access: The Cisco ASA appliances provide SSL connectivity through a variety
of browsers across multiple platforms. Cisco ASA enables administrators to provide
clientless VPN access to unmanaged endpoints and offers access to various web and
TCP/IP-based applications. These are provided through a rewriter, plugins, or smart
tunnels using browser embedded SSL technology while ensuring granular access
control and end-to-end security.
Virtual Desktop Infrastructure (VDI) access: The Cisco ASA can securely terminate
a VDI session and seamlessly enable access to virtualized applications and desktops.
Client and clientless access to virtual resources are offered for mobile devices, laptops,
and desktop devices. Virtual-resource access powered by the Cisco Secure Remote
Access is vendor-agnostic and benefits from a single access policy, defined for virtual
and traditional resources.
Cisco HostScan package: The Cisco ASA scans endpoints requesting remote access
and determines whether their state is compliant with the company’s policy before
granting access. An administrator can also remediate noncompliant endpoints. Cisco
HostScan can be used whether the access is client-based or clientless.
Mobile devices: With the recent bring-your-own-device (BYOD) phenomenon,
administrators need to support end-user productivity by enabling these users to use
their own mobile devices for remote access to the company’s network. The AnyConnect
client can be deployed on most consumer devices, including Android and Apple based
smartphones and tablets. Administrators will enjoy the ease of certificate deployment
offered by the Simple Certificate Enrollment Protocol (SCEP) proxy built into Cisco ASA
solutions, which includes pre-deployment device identification.
either through the on-premises Cisco Web Security Appliance (WSA) or the cloud-based
Cisco Cloud Web Security offering. Combining web security with VPN, administrators
can provide comprehensive secure mobility to all end users, which is important for BYOD
deployments.
Persistent security and policy enforcement: Enterprises have a choice to deploy a
premises-based Cisco Web Security Appliance or use the software-as-a-service
(SaaS) Cisco Cloud Web Security offering to keep malware off their corporate networks
and control and secure their employees’ web usage. The extensibility of the Cisco
AnyConnect Secure Mobility Client supports both cloud-based and premises-based
web security solutions, providing flexibility to help ensure a safe and productive Internet
environment. Context-aware security policy, including enforcing acceptable use and
protection from malware, is available for all users.
Clientless access: The Cisco ASA appliances provide SSL connectivity through a variety
of browsers across multiple platforms. Cisco ASA enables administrators to provide
clientless VPN access to unmanaged endpoints and offers access to various web and
TCP/IP-based applications. These are provided through a rewriter, plugins, or smart
tunnels using browser embedded SSL technology while ensuring granular access
control and end-to-end security.
Virtual Desktop Infrastructure (VDI) access: The Cisco ASA can securely terminate
a VDI session and seamlessly enable access to virtualized applications and desktops.
Client and clientless access to virtual resources are offered for mobile devices, laptops,
and desktop devices. Virtual-resource access powered by the Cisco Secure Remote
Access is vendor-agnostic and benefits from a single access policy, defined for virtual
and traditional resources.
Cisco HostScan package: The Cisco ASA scans endpoints requesting remote access
and determines whether their state is compliant with the company’s policy before
granting access. An administrator can also remediate noncompliant endpoints. Cisco
HostScan can be used whether the access is client-based or clientless.
Mobile devices: With the recent bring-your-own-device (BYOD) phenomenon,
administrators need to support end-user productivity by enabling these users to use
their own mobile devices for remote access to the company’s network. The AnyConnect
client can be deployed on most consumer devices, including Android and Apple based
smartphones and tablets. Administrators will enjoy the ease of certificate deployment
offered by the Simple Certificate Enrollment Protocol (SCEP) proxy built into Cisco ASA
solutions, which includes pre-deployment device identification.
Cisco® ASA
Mobile User
Home Office
Branch Office
Cisco AnyConnect and ASA
Cellular
or Wi-Fi
Wi-Fi
Wired
Corporate Headquarters
Secure, Consistent Access
- AnyConnect
Figure 1.
Cisco AnyConnect Secure Mobility Solution Overview
Cisco AnyConnect Secure Mobility Solution Overview