07-17-2007 01:31 AM - edited 02-21-2020 03:09 PM
Hi,
We've just purchased an ASA5510 and I'm trying to figure out the difference of the mentioned VPN possibilities. Can anyone describe the differences and use case scenarios of all remote-access vpn types of the asa?
Thanks in advance.
Rgds,
Rasmus
Solved! Go to Solution.
07-18-2007 05:37 AM
Hi Rasmus,
They both use different protocols SSH and IPSEC, and there are both secure in terms of security.
SSL is easy to deploy as compared to ipsec. Imagine you have 200+ users and to make them login to vpn you need to give them client software and pcf file , which is not reqd in case of SSL.
Regards,
~JG
Please rate if helps
07-17-2007 12:16 PM
Hi,
I guess here are the possible questions that you wanted to be answered:
Q1. Whats the difference between SSL VPN Client (1.0) & WEBVPN
Ans. The difference between the webvpn and SSL VPN Client is the WebVPN uses SSL/TLS and port
forwarding via a java app for application support, it also only supports unicast TCP
traffic, no ip address is assigned to the client, and all the web-browsing down the tunnel is done with an SSL web-mangle that allows us to stuff things into the SSL session. The SSL VPN Client is a full tunneling client using SSL/TCP that installs an app on the machine and envelopes the vpn traffic into the ssl session and also has an ip address assigned so the tunnel is two way, not uni-directional. It allows for application support over the tunnel without having to set up a port forward for each application.
Q2. Is it true that with SSL VPN Client we will have more features than WEBVPN ?
Ans. It is a fact that the SSL VPN Client provides more support than the WebVPN does, but in regards to features WebVPN has more features because every little bit of it has to be configured. The SSL VPN Client provides wider support with less to configure and is much more functional.
Q3. Which soultion would be right for us WEBVPN or SSL VPN ?
Ans. This last question I really cannot answer as it's not TAC's position to tell you what
you do and do not need. My opinion is that the SSL VPN is by far a better solution as
it runs over SSL over TCP, had small impact to all traffic to determine if traffic is destined for STC client and faster than mangled WebVPN, but in the end it's really up to you to decide which features you do and do not need.
Check this link,
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
Regards,
~JG
Please rate helpful posts.
07-17-2007 11:56 PM
Thank you very much for your answer. Sounds like the SSL client is the right choice for us, since our users have a lot of 3rd party software they need to use.
Now... Is the "old" IPSec client all gone? Is all remote access done through SSL now? Why?
Thanks again,
Rasmus
07-18-2007 05:37 AM
Hi Rasmus,
They both use different protocols SSH and IPSEC, and there are both secure in terms of security.
SSL is easy to deploy as compared to ipsec. Imagine you have 200+ users and to make them login to vpn you need to give them client software and pcf file , which is not reqd in case of SSL.
Regards,
~JG
Please rate if helps
07-24-2007 04:34 AM
On one of the ASAs I setup some users get the WebVPN when they logon and others get the SSL VPN. What controls which one they get?
07-24-2007 05:54 AM
That you need to setup on group policy,
check out this presentation,
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM13_ASA_beta/course_skin.html
Regards,
JG
08-06-2008 06:48 PM
Jagdeep,
The E-learning on how to setup the SSL VPN was very helpful. Do you have the E-Learning modules on how to setup VPN client, Site-to-Site VPN on the ASA? We have the ASA5550.
Thanks.
Diane
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide