Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
917
Views
4
Helpful
3
Replies

SSL VPN on ASA (Over 300+ Users)

Dean-VA
Level 1
Level 1

‎08-30-2010 08:28 PM

I am looking for a SSL VPN Solution for our Company that would scale to 700+ users in the next few years.  We are currently using the Avetail SSL VPN, and although it does a good job, the licenses are a bit expensive and we do have an opportunity to evaluate other solutions.

Anyone is using the Cisco SSL VPN for somewhat large user population?  Is it stable?  Any input you can provide would be much appreciated…Even recommending something else.

I am very familiar with Cisco’s IPSec VPN on the ASA and concentrator, but don’t have much experience with the SSL VPN.

Thanks

Labels:
0 Helpful
3 Replies 3

Jay Young
Cisco Employee
Cisco Employee

‎09-03-2010 12:18 PM

Hi,


Anyconnect using ASAs as head end devices should be able to fit your requirements quite well.  There are a number of different models that can scale up and over 700 users.  The data sheet here will list the platform limitations for each ASA model http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html.

In regard to costs if you are just looking to provide ipsec client replacement/full tunnel access a license called 'Anyconnect essentials' can be purchased.  The premium sslvpn licenses are bought on a per-user basis and provide clientless access, CSD, Endpoint assessment, along with Anyconnect access.  If you just need Anyconnect access the 'Anyconnect essentials' license is reduce cost and a per box (rather than per user) feature.

In regards to high availability you can either cluster the ASAs together in a load balance fashion or go for a Active/Standy situation.  There are also features like Optimal Gateway Selection and backup server lists (configured in Anyconnect profiles) that will allow for geographic backup/failover.

The anyconnect has complete feature parity with the ipsec client plus extended OS support and features.

I didn't want this to sound too much like a sales pitch but I have seen a good number of companies running Anyconnect as their primary remote access solution (usually migrated from the ipsec to Anyconnect with minimal/no distruption to users).  Let us know if you have more specific questions.

-Jay

Dean-VA
Level 1
Level 1
In response to Jay Young

‎09-06-2010 08:07 AM

Thanks Jay!  I have a bunch of other question..Who in Cisco I can talk to about this?

Thanks

0 Helpful

Jay Young
Cisco Employee
Cisco Employee
In response to Dean-VA

‎09-13-2010 08:11 AM

Isalem,

Unfortunately I do not have a specific contact for you.  Within our sales organization we have specialist that should be able to answer any of those questions.  I would suggest getting in contact with your local sales rep and he/she should be able to put you in contact with the specialists.

-Jay

0 Helpful
Customers Also Viewed These Support Documents