Better idea: you should look at Cisco ISA 550 or ISA 570 which has replaced SA series.
It's great UTM appliance for SMB and it supports SSL VPN which is supported in Windows 8 by Cisco AnyConnect VPN client.

I just updated Ronald's post that Cisco has really great solution for SMB UTM segment so you don't have to swtich to other vendor at all - ISA500 is really great product.

As regarding your problem: it seems SSL VPN on Windows 8 is not official supported for SA520 . But there is know issue with Windows 7 - maybe it applies to Windows 8 also - can you check it?

CSCtv22608 On a Windows 7 64-bit computer, an SSL VPN tunnel cannot be established with the Microsoft Visual C++ 2008 Redistributable Package (x64).

Workaround: Download the Microsoft Visual C++ 2005 Redistributable Package (x64) from Microsoft.

If it doesn't solve the issue - open the case at support center:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html#csb

Well, the C++ package is always an issue. I remember that we had these issues already with the RVL200 many years ago. Even Cisco fixed many SSL bugs and came up with solutions to make SSL VPN work again and again. However, with every upgrade of the firmware, Java or Windows (often just a security patch) made the connection to fail again. As this happened every couple month, we switched the SSL VPN to a competitor and since we had no more connection issues.
So the Cisco solution is just not stable enough for a small business solution..

As for the ISA500, I just ordered a ISA570W and will test it.

So, meanwhile I installed a ISA570. It has some real nice features, like security zones and shows a pretty good performance.

However, the ISA500 is not ready for small businesses yet, so it misses some major functions, some of them were already implemented in the SA540.

For example the security service functions that replaced ProtectLink have no scheduling function. So it is not possible to allow some Web URL filters to apply during business hours and another set during non business hours. I can not understand why Cisco missed to add the scheduling function to the URL filters.

As for the scheduling functions in the firewall to protect zones and ports, it is only possible to set up schedules within a day. So in order to separate business and non business hours, you have to set up at least 4 schedules (00:00 - 08:00, 08:00 - 17:00, 17:00 - 24:00 and weekend 00:00 - 24:00). This means, that ou have to apply each firewall rule to these four schedules, for a small business this gets very complicated.

Well, I hope Cisco will look at small businesses again and update the firmware of the ISA500 to include at least the functions of the SA500 and update the implemented features, so also small businesses can handle it.

So far I just tested the installation, I will look at the UTM security services in the next days and report back.

Greetings,

Roland

Torsten,

Contact Cisco SMB support and request a return of the SA. You should get your money back that you could put towards the ISA series and transfer smartnet. A pain but at least you can recoup the money.  The cost of the ISA was almost equal for us.