Why AnyConnect is better than VPN client?

Dr.X
Level 2

why anyconnect is better than cisco vpn client ?

what are its advantages ?

i think that both are remote access vpn .

why its better ?

Accepted Solutions

johnlloyd_13
Level 9

hi,

you're in luck, i just read the anyconnect chapter (VPN 642-648).

as per my notes, the anyconnect is becoming the preferred method of establishing full-tunnel VPN connection over the older IPsec VPN client software.

it's a better VPN solution because it's highly flexible and scalable. we can deploy it to our corporate users wherever they are (hence, the term 'anyconnect'), install and connect to HQ automatically, detect if the remote user/machine is in the office or not and install automatic policy updates.

it's super secure too. the anyconnect client operates by building a Secure Sockets Layer/Transport Layer Security (SSL/TLS), Datagram Transport Layer Security (DTLS), or IKEv2 connection and tunneling remote user application traffic through the established session.


hi ,

thanks a lot John ,

plz let me ask u another question ,

now i have a license on the asa that allows me to extend the number of ssl clients to 25 clients .

the question is ,

if i want to make ssl vpn server on the asa 5505

do i need to buy ssl certificate ???

can i do it without this purchased certificate ?

why i need this certificate ?

i mean in ssl vpn , i did it without this certificate , why in anyconnect server it is mandatory ???

again , can i bypass the ssl certificate request in the asa for the anyconnect server ??

regards

hi,

by default, the ASA outside interface has no SSL certificate to present to its outside users. you can use the self-generated SSL certificate but it gets renewed each time ASA reboots. this will cause and display an error on user's web browser (which we don't want by the way).

it's our job to present outside users with a safe and protected web experience and to do that you'll need a paid SSL certificate.

i'll also share this info/URL in my notes, wherein you can find more info and get a free SSL certificate (trial version) for your ASA:

http://www.entrust.net/cisco/

also, i haven't got in too deep with anyconnect yet and just started with basics of SSL VPN. please feel free to check out my blog from time to time:

http://ccnpsecuritywannabe.blogspot.com/2014/03/deploying-clientless-ssl-vpn-webvpn.html

Regarding "buying a certificate":

There are CA-vendors that give you valid/trusted certificates for free or for a quite small fee. Personally I got mine from startssl.com where certs for one year are free. There are more vendors with free certs like this, but with them I don't have any experience.

shamax_1983
Level 3

The other thing is that Cisco does not support traditional VPN on Windows 8.X. I have run into lots of issues trying to install Cisco VPN client on Windows 8.x clients.. it sometimes works and sometimes it needs registry hacks etc.. really painful setup for the network engineer. So AnyConnect is preferred.

Also, since SSL uses port 443/SSL by default, it does not need any ALG (Application Layer Gateway) functionality in the remote end user's routers to operate, and will simply work with normal PAT which is always on.. with traditional IPSec VPN, since it uses ESP, you need to have ALG turned on on the user's GW router (this is normally called IPSec VPN pass through mode) and this sometimes doesn't work the way you want, especially on the older residential routers. When this happens you really don't have any other option for those users.. and your only response would be "Sorry your router does not support this kind of VPN or your router does something strange with the VPN so Please upgrade your router" which is something the normal residential user doesn't want to hear.. and something you want to tell them..

So SSL VPN is the way to go..

please rate helpful posts :) 
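
An added example, not part of the original post: a simplified model of a home router's PAT table, showing why a TLS tunnel on TCP 443 is translated by plain PAT while ESP (which carries no ports) depends on the router's pass-through helper. The `Pat` class, the addresses and the one-inside-host-per-gateway helper behaviour are assumptions of this sketch.

```python
# Added illustration: a minimal port-address-translation (PAT) table.
# The Pat class and all addresses are constructed for this example.
from dataclasses import dataclass, field

TCP, UDP, ESP = 6, 17, 50  # IANA IP protocol numbers


@dataclass
class Pat:
    alg: bool = False       # "IPsec pass-through" helper enabled on the router
    next_port: int = 40000  # next WAN-side source port to hand out
    by_port: dict = field(default_factory=dict)   # (proto, wan_port) -> inside host
    esp_peer: dict = field(default_factory=dict)  # VPN gateway -> inside host

    def outbound(self, proto, src_ip, src_port, dst_ip):
        """Translate a packet leaving the LAN; return the WAN port (None for ESP)."""
        if proto in (TCP, UDP):
            wan_port = self.next_port
            self.next_port += 1
            self.by_port[(proto, wan_port)] = (src_ip, src_port)
            return wan_port
        if proto == ESP and self.alg:
            # ESP has no ports: the helper can only remember one inside host
            # per remote gateway (assumed behaviour of a basic helper).
            self.esp_peer.setdefault(dst_ip, src_ip)
        return None

    def inbound(self, proto, src_ip, dst_port=None):
        """Return the inside host a reply is forwarded to, or None if dropped."""
        if proto in (TCP, UDP):
            hit = self.by_port.get((proto, dst_port))
            return hit[0] if hit else None
        if proto == ESP and self.alg:
            return self.esp_peer.get(src_ip)
        return None


def demo():
    gw = "198.51.100.1"  # VPN gateway (documentation address range)
    plain, helper = Pat(alg=False), Pat(alg=True)
    port = plain.outbound(TCP, "192.168.1.20", 51000, gw)  # TLS tunnel to 443
    plain.outbound(ESP, "192.168.1.20", None, gw)          # native IPsec, no helper
    helper.outbound(ESP, "192.168.1.20", None, gw)         # native IPsec, helper on
    helper.outbound(ESP, "192.168.1.21", None, gw)         # second user, same gateway
    return {
        "tls_reply": plain.inbound(TCP, gw, port),
        "esp_reply_no_alg": plain.inbound(ESP, gw),
        "esp_reply_alg": helper.inbound(ESP, gw),
    }
```

In this model the TLS reply reaches its host through the port mapping, the ESP reply is dropped without the helper, and with the helper only the first inside host receives ESP replies from that gateway.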
