Why You Should Use Cisco AnyConnect Instead of the Cisco VPN Client

There seems to be some confusion about the differences between the Cisco VPN Client and the Cisco AnyConnect Secure Mobility Client (or sometimes referenced as Cisco AnyConnect VPN Client). The former is the oldest of two, and Cisco plans to end support for the Cisco VPN Client on July 29, 2014. This article gives a quick overview of the differences between the Cisco AnyConnect VPN Client and the Cisco VPN Client, and in what situations each of them should be used.

Cisco VPN Client

The Cisco VPN Client has been around for some time and has been used in a large number of enterprises over its life. At this point, Cisco considers this product as End-of-Life (EoL), but that does not mean that several organizations don’t still use it. The change between clients, especially when it affects large numbers of clients, can be a large painful experience, which is why many organizations still use this client.

The major limitation of the Cisco VPN Client is that it is limited to being a simple client (it doesn’t have all the bells and whistles that the AnyConnect client supports), and that it is restricted in its support of VPN type. While the new AnyConnect Secure Mobility Client supports both SSL and IPsec VPN tunnel options, the older Cisco VPN client only supports IPsec. So for organizations that are happy using IPsec (keeping in mind that more secure versions of IPsec will not be included in this client) and don’t have any need for the newer features, then until the client is completely removed from the Cisco site, it is hard to find an argument for not using it.

Cisco VPN client
A screenshot of the Cisco VPN Client.

Cisco AnyConnect Secure Mobility Client (AnyConnect VPN Client)

The AnyConnect Secure Mobility Client is the preferred Cisco client option. It is actively updated and includes support for both IPsec and SSL VPN options. AnyConnect profiles are configured at the VPN server side and deployed to the client, and the AnyConnect client also supports IKEv2.0 and the newer NSA Suite B high encryption standards. The selection of which encryption types are supported is configured along with the profile at the VPN server so that each client has the option of using multiple VPN protocols depending on the specific client connectivity.

On top of having support for both SSL and IPsec VPN protocols, the AnyConnect Secure Mobility client also supports a number of different modules which extend its capabilities. These modules include AnyConnect VPN, AnyConnect VPN Start Before Login, AnyConnect Diagnostic and Reporting Tool, AnyConnect Network Access Manager, AnyConnect Posture, AnyConnect Telemetry, and AnyConnect Web Security.

Cisco AnyConnect Secure Mobility Client VPN
A screenshot of Cisco AnyConnect Secure Mobility Client.

While it is obvious that Cisco is pushing the newer AnyConnect client, the Cisco VPN Client continues to work in many situations and should be useable for a little while longer. Hopefully this quick review of the differences between these two clients will help make the best decision for each specific environment.