CISCO ASA 5505 VPN Client Software

Unanswered Question
Apr 5th, 2011

Hi,

My customer has a Cisco ASA 5505 firewall at their head office and would like mobile users to connect in to the network.

Which Cisco VPN Client should I go for and what is the easiest way to create the VPN connection?

Thanks,

Alamb200

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
cbrowne@quatrix... Tue, 04/05/2011 - 08:34

The version of client software depends on how you want to use it and what version of Windows/MAC's the clients are using. AnyConnect is available for download by registered users.

Cisco has a good configuration guide on setting up Clientless SSL VPN's here...

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

They have another configuration guide for when using the AnyConnect VPN Client here...

http://www.cisco.com/en/US/partner/docs/security/asa/asa80/configuration/guide/svc.html

Hope this helps.

CB

alamb200 Wed, 04/13/2011 - 09:34

Hi,

The clients will be a mixture of XP and Windows 7 Laptops.

Unfortunately I am not a registered CISCO person apart from the forums.

How I envision this working is the remote users connecting to the network using the client and accessing their emails and network shared files.

We usually use SonicWall Firewalls and their proprietary VPN client for remote connection back in.

What would you recommend for this situation?

Regards,

alamb200

Date: Tue, 5 Apr 2011 09:34:04 -0600

From: supportforums-donotreply@jivesoftware.com

To: alamb200@hotmail.com

Subject: New message: "CISCO ASA 5505 VPN Client Software"

alamb200,

A new message was posted in the Discussion thread "CISCO ASA 5505 VPN Client Software":

https://supportforums.cisco.com/message/3330789#3330789

Author : cbrowne@quatrix.co.uk

Profile : https://supportforums.cisco.com/people/cbrowne@quatrix.co.uk

Message:

ahmurad Wed, 04/13/2011 - 13:51

The IPSec client can be installed on Window XP and Windows 7 (32, 64) bit machines.

But you need a contract with Cisco so you can download the client from the software section on the Cisco.com, so you can have the client using the official ways.

About the way that the IPSec client will work and the other 3rd party, it is the same, the client will connect to the security device terminates the connection, and then you can access your internal subnets/network.

You need a contract with Cisco to download the client.

HTH.

Ahmad.

ahmurad Tue, 04/05/2011 - 10:03

You can use the SSL based client (AnyConnect) or the IPSec one, but you need to take into consideration the license you have on the ASA 5505.

If you have base license with only 2 SSL VPN users, then only 2 clients can connect, and then the IPSec client is more appropiate solutions.

But the choice is for you, SSL based, or IPSec based.

On Cisco website, you can have all the configuration examples you need for both.

Ahmad.

BornFree22 Thu, 04/07/2011 - 05:19

What would be the avilable liscence if I was to buy a new ASA5505 from a website such as CDW.com that says 10user licence? but it also says 2 SSH, 2 IPSec.. so is it two users, or 10? Thanks

kmccourt Thu, 04/07/2011 - 10:49

Have a look at Table 1-1 at http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html

Regarding the 10-user base license on the ASA5505, '10 user' refers to the number of inside hosts that  can connect concurrently to the outside through the firewall and is  nothing to do with VPN license numbers. In addition to this, the maximum number of VPN  sessions available with a base license ASA 5505 are 2 SSL (AnyConnect  Premium) and 10 IPsec (Other VPN).

BornFree22 Thu, 04/07/2011 - 11:00

Wait a minute, am i reading this wrong? Does that mean that only 10 people can access the "outside world/internet etc" at a time with a 5505?

thanks

in fact i think i get it, I think it said 10,000 not 10. my bad..

but what is the price of 10 anyconnect clients?

if alot, what is the "free" alternative?

kmccourt Thu, 04/07/2011 - 11:57

No you are not reading it wrong. Basically with a 10 user license only 10 devices can access the outside world at a time.

The AnyConnect software is free to download if you have a support contract.

What you have to pay for is a license for the ASA if you want more than 2 SSL connections; you would need to buy additional AnyConnect Essentials or AnyConnect Premium licenses. The price depends on the number of users and Essentials vs Premium.

ahmurad Thu, 04/07/2011 - 13:03

You need to upgrade the license, if you need SSL based clients, but keep in your mind, that you
can have 10 IPSEC connctions (L2L and RA), so in case you dont have specific reason for the SSL, or you have less than 10 users, then I think that the IPSEC solution is better to reduce the cost.

ahmurad Thu, 04/07/2011 - 13:00

You can contact the Cisco licensing team, and they will provide you with all the information required to have more advanced license, like the security plus.

Or you can contact the reseller or the partner, and they can advice how you can get the new license.

BornFree22 Thu, 04/07/2011 - 13:06

So can i also upgrade the 10 users at a time part? I cant even belive they sell a 5505 with only 10 users. My company is very small and has approx 25 users. Does this force me to buy a 5510 or something? Thanks

So what does it mean when it says 50 users, but in the techincal specs it says

Concurrent Sessions: 10,000

ahmurad Thu, 04/07/2011 - 13:45

Of course you can upgrade the number of users, by upgrading the license installed on the ASA 5505 device.

if you check again the same link:

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1456941

You can upgrade to 50 users, and you can also upgrade to unlimited number of users.

No need to have new ASA, all you need is a license that matches your needs, and matches the network design.

About the concurrent connections, I think that 10.000 is the maximum number that the ASA can handle at all from all the users, and in all the directions, and this is also depends on the license.

As an example, if you have unlimited users, then the maximum number of concurrent connections that the ASA can handle is 10.000.

Anyway, this can help you on this:

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1457605

and I think that the configuration guide (manage license section can answers this in more details).

kmccourt Thu, 04/07/2011 - 13:48

Please look again at the link I posted to the licensing matrix.

You do not need a 5510. You can get a 50 or unlimited user optional license for the 5505. This can be at the time of purchase or can be added on later.

Sent from Cisco Technical Support iPhone App

alamb200 Fri, 04/08/2011 - 01:34

Back to the original question I am looking at implementing an IPSEC VPN Client solution for my customer but do not have a support contract so will need to buy the client software.

Can anyone let me know the part numbers I will require for the client software and a riough idea of cost?

Thanks

ahmurad Fri, 04/08/2011 - 04:42

You need to go to the official ways to get the client, you need to have support contract with Cisco to download the software.
Or you need to contact the partner/reseller to have the software.

This page can help you:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html

This is the information from the page:


*************************************************************************

Get the Client

Here are instructions for downloading the Cisco VPN Client:

* If you have a SMARTnet support contract and encryption entitlement, download the free Cisco VPN Client.
* If you do not have a SMARTnet support contract and encryption entitlement, get the Cisco VPN Client on CD from your reseller. Use
the Partner Locator to find a reseller.
* If you don't know, ask your IT department whether they already have the Cisco VPN Client.
*************************************************************************
ahmurad Wed, 04/13/2011 - 09:34

You need to go to the official ways to get the client, you need to

have support contract with Cisco to download the software.

Or you need to contact the partner/reseller to have the software.

This page can help you:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html

This is the information from the page:

*************************************************************************

Get the Client

Here are instructions for downloading the Cisco VPN Client:

  • If you have a SMARTnet support contract and encryption entitlement,

download the free Cisco VPN Client.

  • If you do not have a SMARTnet support contract and encryption

entitlement, get the Cisco VPN Client on CD from your reseller. Use

the Partner Locator to find a reseller.

  • If you don't know, ask your IT department whether they already have

the Cisco VPN Client.

Actions

Login or Register to take actions

This Discussion

Posted April 5, 2011 at 7:05 AM
Stats:
Replies:16 Avg. Rating:
Views:4433 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard