Difference Between These Remote VPNs

mahesh18
Level 6

Hi everyone,

I am studying for the CCNP VPN exam.

Need to confirm

1> SSL Full tunnel with AnyConnect Client Software --

Users need software on the PC to connect, and they get an IP from the DHCP pool on the ASA.

2> IPSEC RA full tunnel VPN Client or AnyConnect --

Are the above Remote VPN types the same?

To me they look similar.

Need to know if there is any difference between them?

Regards

Mahesh

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

Well, to me it seems that the first one refers to the AnyConnect Client only, and that is logical as it mentions SSL Full Tunnel specifically. AnyConnect is Cisco's SSL VPN Client software. The old VPN Client software can't do this.

The second just mentions IPsec RA Full Tunnel VPN Client and AnyConnect. So it refers to both the AnyConnect Client and the old Cisco VPN Client software, both of which can do IPsec.

- Jouni

Mahesh

Your question asks if both types are the same or if there are differences. I believe that the answer might vary depending on how deeply you look into them.

They are the same in that both describe a Remote Access VPN that is client based (the end user must have client software installed and run it to get the VPN) and sends all traffic through an encrypted tunnel.

They are different in terms of the encryption technology that they use. The first one specifies SSL encryption (which uses TCP port 443). The second one uses IPSec and ISAKMP (typically IP protocol 50 and UDP port 500).

So from the perspective of a user they both produce pretty much the same experience and a user would not see any particular difference. From the perspective of a network engineer they are different in terms of the technologies that they use and the protocols/port numbers that they use.

Jouni is correct that the first one is only available using AnyConnect. The second one is available using the traditional IPSec client and also if using recent versions of AnyConnect client (which uses ISAKMPv2 and IPSec).

HTH

Rick

Hi Rick & Jouni,

Thanks for taking the time and explaining it to me.

It's always a pleasure to get replies from you.

Best Regards

Mahesh