This week’s post came at the (unknown to him!) encouragement of another Cisco instructor, who mentioned that this product was available for download from Cisco Connection Online (CCO). The phrase in the title above, “Product for the Future”, is my own choice of words and certainly not any marketing language from Cisco Systems.
This post will show some screenshots and give some overall features of the client.
Having downloaded ASA VPN software in the past, I was used to seeing either .exe, .msi, or .pkg file formats. However, for this new update an .iso image is available. When the image is opened with archiving software, the individual OS-specific distributions can be installed. I installed the Windows-based distribution. The screenshot below displays a more cosmetically attractive interface but with limited configuration options under preferences. Not surprisingly, in the same download area of CCO is the AnyConnect® Profile Editor application, a software distribution over 5X the size of the Windows package.
Having next downloaded and installed the Profile Editor package (now thankfully no longer a Java-based application!), I sought to satisfy a nagging curiosity I had about this newest release: would this new version actually support the IPSec protocol in addition to SSL and truly live up to its name? Next is a screenshot of the editor which seemed to suggest that it would:
When I selected IPSec, however, there was no option to enter a pre-shared key associated with a user group! Instead, the following options are shown:
Here is where reading the release notes (referenced below) shed some light. In an earlier post I wrote about the implementation of IPSec using Internet Key Exchange (IKE) version 2; the Extensible Authentication Protocol (EAP) methods shown above are an inherent component of this newer version. What the release notes state is that this won’t be supported until the yet-to-be-formally-announced ASA version 8.4 becomes available, hence my “product for the future” comments.
Until ASA 8.4 becomes available, the SSL GUI features are nonetheless impressive; note in the following screenshot the certificate matching capabilities which can be established for a profile:
The release notes also point out that the newer AnyConnect® now has additional modules for host posture assessment as well as malicious content reporting to the IronPort appliance. The first of these allows required client host components to be determined without the use of Cisco Secure Desktop, which was previously necessary.