We are going to buy ASA 5505 firewall for our SMB office. In the product specification is said, there are licenses needed for VPN and SSL.
I am a bit confused. Why I need VPN and SSL for firewall? When we run our web server the SSL certificate is on the server. Also for remote access we will have available licenses when we buy Citrix. How is the firewall VPN/SSL licensing involved in this? Do wee need those additional modules?
The datasheets are a bit confusing. Cisco has a feature called SSL VPN available on the ASAs. This feature allows you to setup browser based VPN termation through SSL web sessions directly to the firewall. To use this feature you have to have SSL VPN user licenses. (It comes with 2 licenses normally I think)
You do not need any additional licensing for VPN client users that are going to use the Cisco VPN client, or even Microsoft PPTP.
If you're primarly going to use Citrix as your remote access solution, then you may not even need to configure any VPN settings on the firewall, but rather just allow access through the firewall to the Citrix box and let it do all the encryption as needed via SSL and ICA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...