Anyconnect Essential or SSL VPN?

Answered Question
Nov 11th, 2010

Hi,

I am a bit confused. What's difference between Anyconnect Essential(L-ASA-AC-E-5510=) and SSL VPN licenses(L-ASA-SSL-PR-25=)? I am trying to serve following goal and bit confused about what to purchase.

1. Allow users to VPN in via SSL and telnet to the unix system.

2. Allow users to use RDP sessions once connected to the windows system.

3. Allow users to let their outlook connect to exchange server once connected.

I need a solution that would download the client(just point browser to https://x.x.x.x) and let the client gets pushed out. I also need another VPN profile that uninstalls any downloaded client when disconnected. The second profile is for travelling people who uses public PC.

Also, do I need Anyconnect Mobile license if wanted to use iPhone or iPad to access the SSL vpn url?

Any reply would be greatly appreciated.

Thanks,


Sam

I have this problem too.
0 votes
Correct Answer by coto.fusionet about 3 years 5 months ago

Hi,

The clients that you mentioned are only for client-based VPN connections.

Client-based VPN connections are two types:

1. IPsec client --> requires the IPsec client

2. SSL-based client ---> requires the AnyConnect

SVC used to be the old version of AnyConnect (not used anymore).

It was supported only in version 7 of the ASA not 8.

In summary.

For SSL connections:

Client-based --> Need AnyConnect in Flash

Client-less --> No need for any client (browser is in charge of managing the HTTPS connection).

Federico.

Correct Answer by coto.fusionet about 3 years 5 months ago

Clientless SSL means that you establish an SSL tunnel to the ASA without a client (AnyConnect).

In other words, the remote computer needs only a browser to establish the secure connection via HTTPS and have access to a web potal that can redirect access to the internal resources. This type of connection (clientless) allows for access to web applications and via port-forwarding you can enable access to other TCP applications.

When you need full network access (emulating the IPsec VPN client) you require the Client-based SSL connection (AnyConnect).

This does not require a webportal, instead provides with complete full network access.

If you use AnyConnect, the client can be pushed from the ASA to the client via the HTTPS connection (and kept on the remote system or removed) depending on the configuration.

If you're looking for a remote SSL connection that can access a portal and log via telnet/RDP you can use clientless SSL with port forwarding.

If you want the remote clients to have full network access (just like if they are sitting in the local network), you will require the AnyConnect.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
coto.fusionet Thu, 11/11/2010 - 06:12

Hi,

The AnyConnect Essential license will allow for AnyConnect connections but not for SSL clientless connections.

The AnyConnect Premium includes support for clientless as well as advanced features as Cisco Secure Desktop.

Please check the following license information:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html

Hope it helps.

Federico.

smunzani@nuclio.com Thu, 11/11/2010 - 06:42

I am still confused.

Here is description of AnyConnect Premium from the URL you provided.

Includes clientless SSL VPN, Cisco AnyConnect  Secure Mobility, and Cisco Secure Desktop capabilities (including Host  Scan). Optionally provides full tunneling access to enterprise  applications.

What does it mean by clientless SSL VPN? I thought Anyconnect Essential is also SSL vpn. So what's the fundamental difference for the term "Clientless". Does it mean for AnyConnect Essentials if I point a browser to the URL, it will not download the .pkg file and give me tunnel? Does that mean with AnyConnect Essential I have to load the client on the PC and AnyConnect Premium does it automatically?

I am not looking for web based client VPN that gives me a portal where I could launch some internal URLs. I don't have any http based applications at all. Its all Telnet, RDP.

Thanks,

Sam

Correct Answer
coto.fusionet Thu, 11/11/2010 - 06:48

Clientless SSL means that you establish an SSL tunnel to the ASA without a client (AnyConnect).

In other words, the remote computer needs only a browser to establish the secure connection via HTTPS and have access to a web potal that can redirect access to the internal resources. This type of connection (clientless) allows for access to web applications and via port-forwarding you can enable access to other TCP applications.

When you need full network access (emulating the IPsec VPN client) you require the Client-based SSL connection (AnyConnect).

This does not require a webportal, instead provides with complete full network access.

If you use AnyConnect, the client can be pushed from the ASA to the client via the HTTPS connection (and kept on the remote system or removed) depending on the configuration.

If you're looking for a remote SSL connection that can access a portal and log via telnet/RDP you can use clientless SSL with port forwarding.

If you want the remote clients to have full network access (just like if they are sitting in the local network), you will require the AnyConnect.

Federico.

smunzani@nuclio.com Thu, 11/11/2010 - 07:36

Thank you. Your answer really clarified my confusion.

I will try out clientless SSL with port-forwarding and see if that solves my need. If not, go with Anyconnect Essential. I didn't know that AnyConnect Essential could also push the client binaries to the PC. I was under the impression that it was an advanced feature.

Thanks,

Sam

smunzani@nuclio.com Thu, 11/11/2010 - 08:29

One last non related question. On CCO there are various types of clients.

1. IPSEC VPN client - version      <= Seems current

2. AnyConnect VPN client - V2.x     <= Seems current

3. SSL VPN client V1.x     <= This seems antique. Last updated in 2008.

So if I want to implement clientless SSL vpn, do I need that antique piece of software on the flash of the ASA?

Correct Answer
coto.fusionet Thu, 11/11/2010 - 08:59

Hi,

The clients that you mentioned are only for client-based VPN connections.

Client-based VPN connections are two types:

1. IPsec client --> requires the IPsec client

2. SSL-based client ---> requires the AnyConnect

SVC used to be the old version of AnyConnect (not used anymore).

It was supported only in version 7 of the ASA not 8.

In summary.

For SSL connections:

Client-based --> Need AnyConnect in Flash

Client-less --> No need for any client (browser is in charge of managing the HTTPS connection).

Federico.

Actions

Login or Register to take actions

This Discussion

Posted November 11, 2010 at 6:02 AM
Stats:
Replies:7 Avg. Rating:5
Views:4407 Votes:0
Shares:0

Related Content

Discussions Leaderboard