×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Difference Between These Remote VPNs

Answered Question
Jan 7th, 2014
User Badges:

Hi everyone,


I am studying for CCNP VPN exam.


Need to confirm


1>SSL Full tunnel with AnyConnect Client Software--


user need software on PC to connect and they get IP from the DHCP pool on the ASA.


2>IPSEC RA full tunnel VPN Client or Anyconnect --


Are above Remote VPN types same.

To me they look similar.


Need to know if there is any difference between them?


Regards


MAhesh

Correct Answer by Richard Burts about 3 years 7 months ago

Mahesh


Your question asks if both types are the same or if there are differences. I believe that the answer might vary depending on how deeply you look into them.


They are the same in that both describe a Remote Access VPN that is client based (the end user must have client software installed and run it to get the VPN) and sends all traffic through an encrypted tunnel.


They are different in terms of the encryption technology that they use. The first one specifies SSL encryption (which uses TCP port 443). The second one uses IPSec and ISAKMP (typically IP protocol 50 and UDP port 500).


So from the perspective of a user they both produce pretty much the same experience and a user would not see any particular difference. From the perspective of a network engineer they are different in terms of the technologies that they use and the protocols/port numbers that they use.


Jouni is correct that the first one is only available using AnyConnect. The second one is available using the traditional IPSec client and also if using recent versions of AnyConnect client (which uses ISAKMPv2 and IPSec).


HTH


Rick

Correct Answer by Jouni Forss about 3 years 7 months ago

Hi,


Well to me it seems that the first one refers to the AnyConnect Client only and that is logical as it mentions SSL Full Tunnel specifically. AnyConnect is Ciscos SSL VPN Client software. The old VPN Client software can't do this.


The second just mentions IPsec RA Full Tunnel VPN Client and AnyConnect. So it both refer to the AnyConnect Client and the old Cisco VPN Client software that both can do IPsec




- Jouni

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jouni Forss Tue, 01/07/2014 - 23:34
User Badges:
  • Super Bronze, 10000 points or more

Hi,


Well to me it seems that the first one refers to the AnyConnect Client only and that is logical as it mentions SSL Full Tunnel specifically. AnyConnect is Ciscos SSL VPN Client software. The old VPN Client software can't do this.


The second just mentions IPsec RA Full Tunnel VPN Client and AnyConnect. So it both refer to the AnyConnect Client and the old Cisco VPN Client software that both can do IPsec




- Jouni

Correct Answer
Richard Burts Wed, 01/08/2014 - 08:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mahesh


Your question asks if both types are the same or if there are differences. I believe that the answer might vary depending on how deeply you look into them.


They are the same in that both describe a Remote Access VPN that is client based (the end user must have client software installed and run it to get the VPN) and sends all traffic through an encrypted tunnel.


They are different in terms of the encryption technology that they use. The first one specifies SSL encryption (which uses TCP port 443). The second one uses IPSec and ISAKMP (typically IP protocol 50 and UDP port 500).


So from the perspective of a user they both produce pretty much the same experience and a user would not see any particular difference. From the perspective of a network engineer they are different in terms of the technologies that they use and the protocols/port numbers that they use.


Jouni is correct that the first one is only available using AnyConnect. The second one is available using the traditional IPSec client and also if using recent versions of AnyConnect client (which uses ISAKMPv2 and IPSec).


HTH


Rick

mahesh18 Wed, 01/08/2014 - 09:17
User Badges:

Hi Rick & Jouni,


Thanks for taking time and explaining it to me.

Its always pleasure to get replies from you.


Best Regards


Mahesh

Actions

This Discussion