how does Cisco any connect vpn work? like is there a physical hardware that needs to be in the building or does it work over the cloud?
The AnyConnect client communicates to a VPN server (Cisco router, firewall, VPN concentrator) at a location (head quarters). The VPN server must be configured to accept VPN sessions
It’s typically used with a physical ASA firewall or FTD firewall. The firewall of course is betwen the internet and your internal network. And the anyconnect vpn client allows remote workers to connect back to the outside interface of the firewall and gives the remote worker access to internal resources.
There are other configuration decisions of course (split tunnel, tunnel all, etc).
These firewalls could be virtualized too in your office environment or in the cloud. If all your resources are in the cloud (ie aws), it could make sense.
You will probably need to provide a bit more detail. A VPN in general (basic terminology) creates a virtual tunnel between the client machine(s) and some other location. That could be a server to mask your location, or the secure corporate network.
So if your goal is to set up the ability for remote workers to connect to a secure corporate network, that is an option. However, depending on how small the network/company is, there may be other, simpler options.
I’m sure people with more firewall and security expertise than myself could give you recommendations if they had more details on what you were trying to set up.
thank you. so I can put any connect in the azure cloud since I am using active directory and the firewalls can be local in each branch?
You could put a virtual ASA or FTD in the azure cloud and use Anyconnect as the vpn client to the ASA or FTD.
Do you have virtual machines (ie domain controllers) in the azure cloud or just o365?
To be honest I think your fundamental understanding of anyconnect as a vpn client isn’t quite there yet. Keep researching/digging!!!