ASA 5505 - do we need SSL and VPN modules?

itlklubos6 · ‎10-16-2007

Hi,

We are going to buy ASA 5505 firewall for our SMB office. In the product specification is said, there are licenses needed for VPN and SSL.

I am a bit confused. Why I need VPN and SSL for firewall? When we run our web server the SSL certificate is on the server. Also for remote access we will have available licenses when we buy Citrix. How is the firewall VPN/SSL licensing involved in this? Do wee need those additional modules?

Thanks for help,

Lubomir

acomiskey · ‎10-16-2007

The licensing for SSL is for SSL VPN. It has nothing to do with running SSL on your webserver.

itlklubos6 · ‎10-16-2007

Thanks.

Could you please explain in more detail what is difference between VPN established by using a software like Citrix and VPN offered by a firewall?

cmcbride · ‎10-17-2007

The datasheets are a bit confusing. Cisco has a feature called SSL VPN available on the ASAs. This feature allows you to setup browser based VPN termation through SSL web sessions directly to the firewall. To use this feature you have to have SSL VPN user licenses. (It comes with 2 licenses normally I think)

You do not need any additional licensing for VPN client users that are going to use the Cisco VPN client, or even Microsoft PPTP.

If you're primarly going to use Citrix as your remote access solution, then you may not even need to configure any VPN settings on the firewall, but rather just allow access through the firewall to the Citrix box and let it do all the encryption as needed via SSL and ICA.

Joe B Danford · ‎10-17-2007

ASA also has a Citrix Plugin for the Clientless SSL VPN.

itlklubos6 · ‎10-17-2007

Thank you for explanation.

Regards,

Lubomir