04-05-2011 07:05 AM
Hi,
My customer has a Cisco ASA 5505 firewall at their head office and would like mobile users to connect in to the network.
Which Cisco VPN Client should I go for and what is the easiest way to create the VPN connection?
Thanks,
Alamb200
04-05-2011 08:34 AM
The version of client software depends on how you want to use it and what version of Windows/MAC's the clients are using. AnyConnect is available for download by registered users.
Cisco has a good configuration guide on setting up Clientless SSL VPN's here...
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
They have another configuration guide for when using the AnyConnect VPN Client here...
http://www.cisco.com/en/US/partner/docs/security/asa/asa80/configuration/guide/svc.html
Hope this helps.
CB
04-13-2011 09:34 AM
Hi,
The clients will be a mixture of XP and Windows 7 Laptops.
Unfortunately I am not a registered CISCO person apart from the forums.
How I envision this working is the remote users connecting to the network using the client and accessing their emails and network shared files.
We usually use SonicWall Firewalls and their proprietary VPN client for remote connection back in.
What would you recommend for this situation?
Regards,
alamb200
Date: Tue, 5 Apr 2011 09:34:04 -0600
From: supportforums-donotreply@jivesoftware.com
To: alamb200@hotmail.com
Subject: New message: "CISCO ASA 5505 VPN Client Software"
alamb200,
A new message was posted in the Discussion thread "CISCO ASA 5505 VPN Client Software":
https://supportforums.cisco.com/message/3330789#3330789
Author : cbrowne@quatrix.co.uk
Profile : https://supportforums.cisco.com/people/cbrowne@quatrix.co.uk
Message:
04-13-2011 01:51 PM
The IPSec client can be installed on Window XP and Windows 7 (32, 64) bit machines.
But you need a contract with Cisco so you can download the client from the software section on the Cisco.com, so you can have the client using the official ways.
About the way that the IPSec client will work and the other 3rd party, it is the same, the client will connect to the security device terminates the connection, and then you can access your internal subnets/network.
You need a contract with Cisco to download the client.
HTH.
Ahmad.
04-05-2011 10:03 AM
You can use the SSL based client (AnyConnect) or the IPSec one, but you need to take into consideration the license you have on the ASA 5505.
If you have base license with only 2 SSL VPN users, then only 2 clients can connect, and then the IPSec client is more appropiate solutions.
But the choice is for you, SSL based, or IPSec based.
On Cisco website, you can have all the configuration examples you need for both.
Ahmad.
04-07-2011 05:19 AM
What would be the avilable liscence if I was to buy a new ASA5505 from a website such as CDW.com that says 10user licence? but it also says 2 SSH, 2 IPSec.. so is it two users, or 10? Thanks
04-07-2011 10:49 AM
Have a look at Table 1-1 at http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html
Regarding the 10-user base license on the ASA5505, '10 user' refers to the number of inside hosts that can connect concurrently to the outside through the firewall and is nothing to do with VPN license numbers. In addition to this, the maximum number of VPN sessions available with a base license ASA 5505 are 2 SSL (AnyConnect Premium) and 10 IPsec (Other VPN).
04-07-2011 11:00 AM
Wait a minute, am i reading this wrong? Does that mean that only 10 people can access the "outside world/internet etc" at a time with a 5505?
thanks
in fact i think i get it, I think it said 10,000 not 10. my bad..
but what is the price of 10 anyconnect clients?
if alot, what is the "free" alternative?
04-07-2011 11:57 AM
No you are not reading it wrong. Basically with a 10 user license only 10 devices can access the outside world at a time.
The AnyConnect software is free to download if you have a support contract.
What you have to pay for is a license for the ASA if you want more than 2 SSL connections; you would need to buy additional AnyConnect Essentials or AnyConnect Premium licenses. The price depends on the number of users and Essentials vs Premium.
04-07-2011 01:03 PM
You need to upgrade the license, if you need SSL based clients, but keep in your mind, that you
can have 10 IPSEC connctions (L2L and RA), so in case you dont have specific reason for the SSL, or you have less than 10 users, then I think that the IPSEC solution is better to reduce the cost.
04-07-2011 01:00 PM
You can contact the Cisco licensing team, and they will provide you with all the information required to have more advanced license, like the security plus.
Or you can contact the reseller or the partner, and they can advice how you can get the new license.
04-07-2011 01:06 PM
So can i also upgrade the 10 users at a time part? I cant even belive they sell a 5505 with only 10 users. My company is very small and has approx 25 users. Does this force me to buy a 5510 or something? Thanks
So what does it mean when it says 50 users, but in the techincal specs it says
Concurrent Sessions: 10,000
04-07-2011 01:45 PM
Of course you can upgrade the number of users, by upgrading the license installed on the ASA 5505 device.
if you check again the same link:
http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1456941
You can upgrade to 50 users, and you can also upgrade to unlimited number of users.
No need to have new ASA, all you need is a license that matches your needs, and matches the network design.
About the concurrent connections, I think that 10.000 is the maximum number that the ASA can handle at all from all the users, and in all the directions, and this is also depends on the license.
As an example, if you have unlimited users, then the maximum number of concurrent connections that the ASA can handle is 10.000.
Anyway, this can help you on this:
http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1457605
and I think that the configuration guide (manage license section can answers this in more details).
04-07-2011 01:48 PM
Please look again at the link I posted to the licensing matrix.
You do not need a 5510. You can get a 50 or unlimited user optional license for the 5505. This can be at the time of purchase or can be added on later.
Sent from Cisco Technical Support iPhone App
04-08-2011 01:34 AM
Back to the original question I am looking at implementing an IPSEC VPN Client solution for my customer but do not have a support contract so will need to buy the client software.
Can anyone let me know the part numbers I will require for the client software and a riough idea of cost?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide