×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Clientless and anyconnect vpn with certificate at asa 5505

Unanswered Question
Apr 8th, 2012
User Badges:

hi dears. i configurated clientless remote-access vpn at asa 5505. authentication with tacacs and certificate server. all of them ar ok and working.

now i want to configurate cisco anyconnect vpn at same asa. and anyconnect vpn also authenticate tacacs ans certificate server.


is it possibly i configurate the anyconnect vpn at sama asa? is there occurs any problems with certificate process? my certificate server is the same

so the root certificate is same and asa also same asa so can i need the do the second certificate process with anyconnect vpn??

please ask my questions.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
david.g.white Mon, 04/09/2012 - 03:53
User Badges:

The basic question to ask / answer is:- what are you intending to use the different VPN connection types for ?


Conventionally you would use


1- clientless VPN to give none business devices access to a restricted set of resources

And

2- AnyConnect to give business laptops remote access to a larger set of LAN resources.


What is your plan






Sent from Cisco Technical Support iPad App

teymur azimov Mon, 04/09/2012 - 04:38
User Badges:

my boss want to use anyconnect vpn so i must be configurated.


please answer my questions.


is it possibly i configurate the anyconnect vpn at sama asa? is there occurs any problems with certificate process? my certificate server is the same

so the root certificate is same and asa also same asa so can i need the do the second certificate process with anyconnect vpn??

please ask my questions.

thanks David

david.g.white Fri, 04/13/2012 - 12:55
User Badges:

The situation is unclear.


Yes you can use the same certificate, but you may not want to from a security point of view.


If you have used a public certificate issued by an Internet service such as verisign, then anybody with a verisign certificate and the anyconnect client could connect to your gateway.


In many situations this would not be acceptable and the anyconnect profile would not use a public cert?


it depends on your security stance?



Sent from Cisco Technical Support iPad App

vabruno Sun, 04/15/2012 - 16:22
User Badges:

To answer your question, yes you can enable both Anyconnect clientless and Anyconnect client using the same certificate.


Sent from Cisco Technical Support iPad App

Actions

This Discussion