cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
24465
Views
0
Helpful
16
Replies

CISCO ASA 5505 VPN Client Software

alamb200
Level 1
Level 1

Hi,

My customer has a Cisco ASA 5505 firewall at their head office and would like mobile users to connect in to the network.

Which Cisco VPN Client should I go for and what is the easiest way to create the VPN connection?

Thanks,

Alamb200

16 Replies 16

cbrowne
Level 1
Level 1

The version of client software depends on how you want to use it and what version of Windows/MAC's the clients are using. AnyConnect is available for download by registered users.

Cisco has a good configuration guide on setting up Clientless SSL VPN's here...

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

They have another configuration guide for when using the AnyConnect VPN Client here...

http://www.cisco.com/en/US/partner/docs/security/asa/asa80/configuration/guide/svc.html

Hope this helps.

CB

Hi,

The clients will be a mixture of XP and Windows 7 Laptops.

Unfortunately I am not a registered CISCO person apart from the forums.

How I envision this working is the remote users connecting to the network using the client and accessing their emails and network shared files.

We usually use SonicWall Firewalls and their proprietary VPN client for remote connection back in.

What would you recommend for this situation?

Regards,

alamb200

Date: Tue, 5 Apr 2011 09:34:04 -0600

From: supportforums-donotreply@jivesoftware.com

To: alamb200@hotmail.com

Subject: New message: "CISCO ASA 5505 VPN Client Software"

alamb200,

A new message was posted in the Discussion thread "CISCO ASA 5505 VPN Client Software":

https://supportforums.cisco.com/message/3330789#3330789

Author : cbrowne@quatrix.co.uk

Profile : https://supportforums.cisco.com/people/cbrowne@quatrix.co.uk

Message:

The IPSec client can be installed on Window XP and Windows 7 (32, 64) bit machines.

But you need a contract with Cisco so you can download the client from the software section on the Cisco.com, so you can have the client using the official ways.

About the way that the IPSec client will work and the other 3rd party, it is the same, the client will connect to the security device terminates the connection, and then you can access your internal subnets/network.

You need a contract with Cisco to download the client.

HTH.

Ahmad.

ahmurad
Cisco Employee
Cisco Employee

You can use the SSL based client (AnyConnect) or the IPSec one, but you need to take into consideration the license you have on the ASA 5505.

If you have base license with only 2 SSL VPN users, then only 2 clients can connect, and then the IPSec client is more appropiate solutions.

But the choice is for you, SSL based, or IPSec based.

On Cisco website, you can have all the configuration examples you need for both.

Ahmad.

What would be the avilable liscence if I was to buy a new ASA5505 from a website such as CDW.com that says 10user licence? but it also says 2 SSH, 2 IPSec.. so is it two users, or 10? Thanks

Have a look at Table 1-1 at http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html

Regarding the 10-user base license on the ASA5505, '10 user' refers to the number of inside hosts that  can connect concurrently to the outside through the firewall and is  nothing to do with VPN license numbers. In addition to this, the maximum number of VPN  sessions available with a base license ASA 5505 are 2 SSL (AnyConnect  Premium) and 10 IPsec (Other VPN).

Wait a minute, am i reading this wrong? Does that mean that only 10 people can access the "outside world/internet etc" at a time with a 5505?

thanks

in fact i think i get it, I think it said 10,000 not 10. my bad..

but what is the price of 10 anyconnect clients?

if alot, what is the "free" alternative?

No you are not reading it wrong. Basically with a 10 user license only 10 devices can access the outside world at a time.

The AnyConnect software is free to download if you have a support contract.

What you have to pay for is a license for the ASA if you want more than 2 SSL connections; you would need to buy additional AnyConnect Essentials or AnyConnect Premium licenses. The price depends on the number of users and Essentials vs Premium.

You need to upgrade the license, if you need SSL based clients, but keep in your mind, that you
can have 10 IPSEC connctions (L2L and RA), so in case you dont have specific reason for the SSL, or you have less than 10 users, then I think that the IPSEC solution is better to reduce the cost.

You can contact the Cisco licensing team, and they will provide you with all the information required to have more advanced license, like the security plus.

Or you can contact the reseller or the partner, and they can advice how you can get the new license.

So can i also upgrade the 10 users at a time part? I cant even belive they sell a 5505 with only 10 users. My company is very small and has approx 25 users. Does this force me to buy a 5510 or something? Thanks

So what does it mean when it says 50 users, but in the techincal specs it says

Concurrent Sessions: 10,000

Of course you can upgrade the number of users, by upgrading the license installed on the ASA 5505 device.

if you check again the same link:

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1456941

You can upgrade to 50 users, and you can also upgrade to unlimited number of users.

No need to have new ASA, all you need is a license that matches your needs, and matches the network design.

About the concurrent connections, I think that 10.000 is the maximum number that the ASA can handle at all from all the users, and in all the directions, and this is also depends on the license.

As an example, if you have unlimited users, then the maximum number of concurrent connections that the ASA can handle is 10.000.

Anyway, this can help you on this:

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1457605

and I think that the configuration guide (manage license section can answers this in more details).

Please look again at the link I posted to the licensing matrix.

You do not need a 5510. You can get a 50 or unlimited user optional license for the 5505. This can be at the time of purchase or can be added on later.

Sent from Cisco Technical Support iPhone App

Back to the original question I am looking at implementing an IPSEC VPN Client solution for my customer but do not have a support contract so will need to buy the client software.

Can anyone let me know the part numbers I will require for the client software and a riough idea of cost?

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: