How exactly does anyconnect work (connection wise)

yannickwe87
Level 1

All,

 

I'm currently working as an ICT consultant, specializing in security/load balancing. I would like to know how exactly an AnyConnect connection/session works (what encryption, how is it negotiated, etc.).

 

I know how to configure AnyConnect, however I just realized I have no idea how it works exactly and can't seem to find any useful information on the net (apart from that it's SSL).

 

And maybe a side question: I've read that you can use IPsec (with IKEv2) as well. What would be "more" secure, the default SSL connection or IPsec with IKEv2?

 

Best regards

1 Reply

Marvin Rhoads
Hall of Fame

AnyConnect is most often used with SSL VPN implementations. The encryption and negotiation etc. in that case are very much like a browser going to an SSL-secured web page. The ASA or router presents an SSL identity certificate that's either self-signed or issued by a PKI Certificate Authority (CA). We have the option of requiring client certificates (machine or user) and a plethora of other enhancements that may affect the security of the session.

Since AnyConnect 3.0 we can also use IPsec IKEv2. If we avail ourselves of the stronger cryptographic algorithms and such (next generation encryption), IKEv2 is arguably more secure. Whether or not that has a practical effect is debatable since a well-secured SSL implementation usually suffices for most use cases. I've only seen IKEv2 used in production instances where regulatory or legal requirements mandated it (or when the engineer implementing wanted to try it out ;) ).
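
The browser-style handshake described in the reply can be checked from the client side. The following is an added example, not part of the original thread or any Cisco tooling: it handshakes with a gateway as a validating TLS client and reports whether the presented certificate is self-signed or CA-issued, plus the negotiated protocol and cipher. The function names and the sample observations are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL verify codes meaning no trusted CA vouches for the certificate:
# 18 = self-signed leaf, 19 = self-signed certificate in the chain.
SELF_SIGNED_CODES = {18, 19}
# Python 3.10+ default contexts require TLS 1.2 or later, so observe() cannot
# report these; the check applies to observations recorded by other tooling.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def assess(obs):
    """Map one handshake observation (dict) to a list of findings."""
    findings = []
    if obs["verify_code"] in SELF_SIGNED_CODES:
        findings.append("self-signed: clients cannot authenticate the gateway")
    elif obs["verify_code"] != 0:
        findings.append("certificate rejected: " + obs["verify_message"])
    if obs["protocol"] in LEGACY_PROTOCOLS:
        findings.append("legacy protocol negotiated: " + obs["protocol"])
    return findings


def _handshake(ctx, host, port, timeout):
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


def observe(host, port=443, timeout=5.0):
    """Handshake as a validating client; if trust fails, record why and
    retry without validation only to read the negotiated parameters."""
    obs = {"verify_code": 0, "verify_message": "ok"}
    try:
        ctx = ssl.create_default_context()
        obs["protocol"], obs["cipher"] = _handshake(ctx, host, port, timeout)
        return obs
    except ssl.SSLCertVerificationError as exc:
        obs["verify_code"] = exc.verify_code
        obs["verify_message"] = exc.verify_message
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    obs["protocol"], obs["cipher"] = _handshake(ctx, host, port, timeout)
    return obs


# Constructed observations (not captured from a real gateway).
SAMPLES = {
    "ca-signed": {"verify_code": 0, "verify_message": "ok",
                  "protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES256-GCM-SHA384"},
    "self-signed": {"verify_code": 18, "verify_message": "self-signed certificate",
                    "protocol": "TLSv1", "cipher": "AES256-SHA"},
}
```

Running `assess(observe("vpn.example.com"))` against your own headend (the hostname is a placeholder) shows what a validating client sees before any user authentication takes place.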