Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A few VPN questions

We have 3 VPN concetrators and an ASA 5520.  My first question is, can we do SSL VPN with a Cisco ASA now?  Do I need any specific Cisco software to accomplish this?  And does it come with a product similar to host checker so one can perform NAC functions?

Second, is there an application out there that will convert a Cisco VPN Concentrator 3060 configuration to Cisco ASA 5520 configuration?

I appreciate all the time and effort you all put into this and thank you for all teh help in the past.


Dwane

Everyone's tags (3)
3 REPLIES

Re: A few VPN questions

Hi,

Yes you can do clientless or client-based SSL VPNs on ASAs.

Clientless SSL:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html

Client-based SSL (AnyConnect):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html

I don't think we have access to such a tool, but I believe that TAC does (to convert the configuration from Concentrator to ASA).

Federico.

Cisco Employee

Re: A few VPN questions

Dwane,

ASA has webvpn built in... and most of the stuff you did on vpn3k will also work on ASA (plus MUCH more).

However ASA licenses usage of webvpn.

There is Cisco Secure Desktop  and Endpoint Assessment if you're interested with NAC-like features.

I vaguely remember someone mentioning some tool to migrate configuration from vpn3k to ASA could not find it however.

Hope this gets you started:

http://www.cisco.com/en/US/docs/security/asa/asa72/vpn3000_upgrade/upgrade/guide/midiffs.html

Bronze

Re: A few VPN questions

Hi Dwane,

there are a few but sparse documents, describing how to migrate remote access VPN from 3000 concentrators to ASA but the good news is that the main concepts didn't change a lot. A google search of "site:cisco.com migrating remote access vpn from concentrator to ASA will help a lot.

The main document is: http://www.cisco.com/en/US/docs/security/asa/asa70/vpn3000_upgrade/upgrade/guide/migr_vpn.html

I have to admit I'm not aware of any tool that would convert the config directly, I'm afraid you would need to build the new config yourself.

SSL VPNs are covered on the ASA even with more features than the original concentrator features but only two simultanous connections are included in the standard licences, upgrades can be purchased.

You do not need any special software for SSL VPNs, only the number of simultanous connections is an issue. ASA supports alls variants of Cisco SSL VPNs: clientless (portal, but with enhanced features), thin client (port redirect), CSD (Cisco Secure Desktop) and Cisco Anyconnect.

NAC is also supported from the first version (7.0).

Rgds, MiKa

316
Views
0
Helpful
3
Replies