Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2042
Views
0
Helpful
3
Replies

different types of vpn

ronshuster
Level 1
Level 1

‎11-09-2009 12:23 PM

I am very familiar with IPSEC (site to site and remote access) vpns, but i would like to know exactly how the clientless ssl vpn and the ssl vpn client (anyconnect) work in terms of its configuration\setup and features. In what applications should this type of setup be used?

does the ssl vpn client (any clientless) require a group authentication name and a shared secret like the ipsec vpn?

Labels:
0 Helpful
3 Replies 3

Herbert Baerten
Cisco Employee
Cisco Employee

‎11-10-2009 04:26 AM

In its most basic form, you do not need a group (all connections will land on the DefaultWebvpnGroup which is created by default, with a default config that you can modify).

However, you can also create groups (connection profiles in ASDM-lingo) and group policies, or push attributes from a Radius server just like with IPsec.

There is no group password, so by default any user can connect to any group (provided that they pass the authentication configured for that group), but there are ways to prevent this (e.g. the Radius server can specify which group a certain user can only connect to).

What happens after connecting is quite different with clientless, you may think of it more as a kind of HTTP proxy.

Anyconnect is quite similar to the ipsec client as far as usage is concerned.

I think you can find numerous examples on cisco.com, e.g. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

hth

Herbert

0 Helpful

ronshuster
Level 1
Level 1
In response to Herbert Baerten

‎11-12-2009 07:50 AM

What about the anyconnect software, does it only support SSL? what type of setups does it support? can you pls send me an example if you have any?

also where would you use it as opposed to the clientless (webvpn)?

0 Helpful

Herbert Baerten
Cisco Employee
Cisco Employee
In response to ronshuster

‎11-12-2009 01:22 PM

Yes Anyconnect only supports SSL at this time (this may or may not change at some point in the future).

Type of setup: you can pre-install the client on a workstation just like the ipsec client, or you can have the user download it at first use and then keep it installed, or you can have the user download it on every use.

Installation requires admin privileges though (at least on Windows, not sure about Mac and Linux) so this could be one reason to opt for clientless (e.g. for use in Internet cafe's etc.)

The same group can support both clientless and anyconnect, so the user can choose at connect time.

A good example of a basic config can be found here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

(note that in the config, anything anyconnect related still uses the lecagy name "svc" - short for SSL Vpn Client, the old name for Anyconnect).

Much more details can be found in the admin guide:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/anyconnectadmin24.html

hth

Herbert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents