Cisco sets the bar for mobile security

21.03.2011

The starting point for any remote access VPN discussion is Cisco's ASA 5500 series Adaptive Security Appliance, a combination VPN and firewall, with optional anti-malware and IPS capabilities.

Although older Cisco VPN clients can connect to non-VPN devices, such as PIX firewalls and IOS routers, connectivity with the new client is more limited. To get the benefit of the AnyConnect client's full feature set, you'll need an ASA appliance. IOS routers, including the 2851, 1951, 3800, and 3900, can also accept AnyConnect clients, but don't support the full feature set.

Your best bet, then, is to use an ASA appliance, which ranges from the ASA 5505 (10 to 25 users) up to the ASA 5585X (5,000 to 10,000 users).

All ASA appliances have SSL VPN features, including reverse proxying (gatewaying Web at the application layer) and application tunneling (using encrypted tunnels to expose single applications through the VPN device), although we didn't focus on those features during this test. We spent most of our testing looking at network extension, bringing remote devices onto the corporate LAN, and Cisco's approach to securing those remote devices — what is now the traditional remote access use case.