Re: AnyConnect Secure Mobility Client in use, proprietary protocol beh

justacsmcinuse · ‎12-12-2023

If remote network administrator refuses any support (in case of issues with VPN-connection) when vpn user uses other solution than Cisco AnyConnect I guess they do so, because technology branded by Cisco is operating on their network perimeter and VPN-gateway was configured and tested by them only with Cisco AnyConnect.

Does Cisco VPN solution use proprietary protocols client to gateway hence other vendors/brands client apps have zero chances to work?

MHM Cisco World · ‎12-13-2023

Can you mote elaborate in simple words

Thanks alot

MHM

tvotna · ‎12-14-2023

Nope. Even though AnyConnect does use proprietary protocol elements, there are 3rd-party clients which mimic AnyConnect behavior and can connect to firewall just fine. They may have limited functionality though, but can still be used successfully.

Example:

https://gitlab.com/openconnect/openconnect/-/blob/master/README.md

It's used on Linux in our case.

Also, if your headend device runs ASA software, you can use standards-based IKEv2/IPSec clients, included by default in Android, iOS, Linux and other operating systems, or use strongSwan client. I've been using strongSwan on Android and it's quite nice, much better than built-in IKEv2 Android client. Standards-based clients are not supported with FTD, unless something has changed just recently. From functionality standpoint they're also a bit limited compared to AnyConnect, but all major functions are there.

justacsmcinuse · ‎12-19-2023

Thanks for hint. Yes, it is interesting and good to know, however I have to free resources to take the risk of dealing with possible issues due to incompleteness, limitations.

AnyConnect Secure Mobility Client in use, proprietary protocol behind?