WebVPN and Remote Access VPN

Answered Question
Jul 25th, 2009

Hello,

Is there any difference between WebVPN and Remote Access VPN or they are the same.

Thanks.

I have this problem too.
0 votes
Correct Answer by Roman Rodichev about 7 years 4 months ago

remote access vpn consists of

- remote access IPSEC VPN. It's included on ASA, no licenses required, requires pre-installed Cisco IPSEC VPN Client on PC

- remote access SSL VPN with AnyConnect. It requires SSL VPN licenses on ASA. AnyConnect client can be automatically installed on the PC with web launch.

- remote access SSL VPN with AnyConnect Essentials. Starting with ASA 8.2(1), almost $0 license. It's the same AnyConnect client as in the previous line item, but it can't be automatically installed with web launch. It must be pre-installed like Cisco IPSEC VPN client.

- webvpn aka clientless vpn. It's an HTTPS portal that allows connections to HTTP, file sharing, telnet, RDP, and many more (with smart tunnels) resources without installing an actual client on the PC. It requires SSL VPN licenses on ASA. It cannot be used if "AnyConnect Essentials" license is enabled on ASA after 8.2(1)

regards,

Roman

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Roman Rodichev Sat, 07/25/2009 - 18:26

remote access vpn consists of

- remote access IPSEC VPN. It's included on ASA, no licenses required, requires pre-installed Cisco IPSEC VPN Client on PC

- remote access SSL VPN with AnyConnect. It requires SSL VPN licenses on ASA. AnyConnect client can be automatically installed on the PC with web launch.

- remote access SSL VPN with AnyConnect Essentials. Starting with ASA 8.2(1), almost $0 license. It's the same AnyConnect client as in the previous line item, but it can't be automatically installed with web launch. It must be pre-installed like Cisco IPSEC VPN client.

- webvpn aka clientless vpn. It's an HTTPS portal that allows connections to HTTP, file sharing, telnet, RDP, and many more (with smart tunnels) resources without installing an actual client on the PC. It requires SSL VPN licenses on ASA. It cannot be used if "AnyConnect Essentials" license is enabled on ASA after 8.2(1)

regards,

Roman

Craig Hyps Wed, 07/29/2009 - 06:36

Correction: AnyConnect Essentials can be automatically launched by web launch for simplified deployment.

You will not get a portal as with Clientless WebVPN support, but it will initiate the update similar to previous support via SSL Premium license where Full Tunnel Client (AnyConnect) is set as the tunnel method.

Also, for SSL VPN (Premium License), AnyConnect can be installed/started automatically upon web portal connectio, via a link in the Clientless portal, or pre-deployed via MSI.

For further clarification...

SSL Premium is the licensing name assigned to previous SSL license functionality. It includes:

* AnyConnect (full tunnel client)

* Clientlesss WebVPN

* Cisco Secure Desktop (CSD) features

SSL Premium is licensed based on a specific user count (active connections).

AnyConnect Essentials (AC-E)is a new licensing option which allows VPN users up to the full limit supported by platform, similar to how IPsec VPN client is supported.

AC-E does not include Clientless or CSD support. AC-E and SSL Premium features can not be used concurrently. If AC-E license is installed and feature enabled, you will not be able to use Clientless WebVPN or CSD features. This restriction may change in a future release but at this time these features are mutually exclusive.

Regards,

Craig

Roman Rodichev Fri, 07/31/2009 - 04:16

Craig, I noticed documentation says AC-E doesn't support web launch. Are you saying you can still have it deployed using a browser?

Craig Hyps Fri, 07/31/2009 - 13:51

I am not familiar with the specific document reference you mention. It may be referring to the ability to launch AnyConnect from within a Clientless Portal.

In any case, the way it works is that if you connect to the ASA using a web browser, you will get the Login Page portal (same as the initial Clientless login page). The Login Page supports the group drop-down box selection or connection aliases to pre-assign the desired connection profile. You can also customize the Login Page portal (customization) as well for page logos, titles, colors. Once authenticated, user immediately proceeds to a web launch of the AnyConnect client and establishment of SSL session.

This provides a nice option to migrate existing IPsec VPN Clients to SSL-based AnyConnect to support same number of VPN clients with full tunnel capability including 64-bit Windows clients.

Regards,

Craig

Craig Hyps Wed, 07/29/2009 - 06:42

The short answer to your question is that Remote Access VPN is a general term for providing remote hosts (typically individual user PCs) access to another site using VPN technologies. These technologies are broad and can include IPsec, PPTP, L2TP, SSL, etc. WebVPN is simply one type of SSL VPN implementation where users connect via a web browser and are provided portal access via a proxy gateway like ASA and no full client is required like IPsec or AnyConnect, thus the term Clientless.

Regards,

Craig

Actions

This Discussion