
A few VPN questions

dpatkins
Level 1

We have 3 VPN concentrators and an ASA 5520. My first question is, can we do SSL VPN with a Cisco ASA now? Do I need any specific Cisco software to accomplish this? And does it come with a product similar to host checker so one can perform NAC functions?

Second, is there an application out there that will convert a Cisco VPN Concentrator 3060 configuration to Cisco ASA 5520 configuration?

I appreciate all the time and effort you all put into this and thank you for all the help in the past.


Dwane

3 Replies

Hi,

Yes you can do clientless or client-based SSL VPNs on ASAs.

Clientless SSL:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html

Client-based SSL (AnyConnect):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html

I don't think we have access to such a tool, but I believe that TAC does (to convert the configuration from Concentrator to ASA).

Federico.

Marcin Latosiewicz
Cisco Employee

Dwane,

ASA has webvpn built in... and most of the stuff you did on vpn3k will also work on ASA (plus MUCH more).

However ASA licenses usage of webvpn.

There is Cisco Secure Desktop and Endpoint Assessment if you're interested in NAC-like features.

I vaguely remember someone mentioning some tool to migrate configuration from vpn3k to ASA; could not find it, however.

Hope this gets you started:

http://www.cisco.com/en/US/docs/security/asa/asa72/vpn3000_upgrade/upgrade/guide/midiffs.html

m.kafka
Level 4

Hi Dwane,

There are a few but sparse documents describing how to migrate remote access VPN from 3000 concentrators to ASA, but the good news is that the main concepts didn't change a lot. A Google search of "site:cisco.com migrating remote access vpn from concentrator to ASA" will help a lot.

The main document is: http://www.cisco.com/en/US/docs/security/asa/asa70/vpn3000_upgrade/upgrade/guide/migr_vpn.html

I have to admit I'm not aware of any tool that would convert the config directly; I'm afraid you would need to build the new config yourself.

SSL VPNs are covered on the ASA, even with more features than the original concentrator features, but only two simultaneous connections are included in the standard licences; upgrades can be purchased.

You do not need any special software for SSL VPNs; only the number of simultaneous connections is an issue. ASA supports all variants of Cisco SSL VPNs: clientless (portal, but with enhanced features), thin client (port redirect), CSD (Cisco Secure Desktop) and Cisco AnyConnect.

NAC is also supported from the first version (7.0).

Rgds, MiKa
