Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2810
Views
0
Helpful
3
Replies

Anyconnect Essentials and Android access

mlopacinski
Level 1
Level 1

‎12-07-2011 03:11 AM - edited ‎02-21-2020 05:45 PM

Hello

I plan to update from cisco ipsec vpn to ssl vpn.

I want to buy: AnyConnect Essentials license.

I found some information:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/overview_c78-527488_ns347_Networking_Solutions_Brochure.html

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494.html

I do not need web vpn or secure desktop or any other security feature (ironport, NAC and others).

From this documents i assume that i need to buy only essentials license to have klient anyconnect access from all devices (including android Anyconnect Secure Mobility Client).

But....i found also:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/release/notes/rn-ac2.4-android.html

and it's written:

[code]

AnyConnect for Android connections require the following licenses on the ASA:

One of the following AnyConnect core license options:

Cisco AnyConnect Essentials license (L-ASA-AC-E-55XX=), sufficient for ASA Release 8.2 or later.

Cisco AnyConnect Premium Clientless SSL VPN Edition license (L-ASA-AC-SSL-YYYY=), required for ASA Releases 8.0(3) or later.

AnyConnect Mobile license (L-ASA-AC-M-55XX=).

[/code]

So what do i need ? And what about apple iphone/ipad  access ? Again: i do not need any security feature, just pure vpn access.

Thanx

Labels:
0 Helpful
3 Replies 3

droberts29
Level 1
Level 1

‎12-09-2011 10:46 AM

I just went through evaluating this myself. 

For iPhone access, the native VPN client built into iOS will connect to the ASA using IPsec VPN just fine. 

For Android, you have two choices.. you can either upgrade your ASA to 8.4 and use the Android's native IPsec VPN functionality, or you can use the Cisco AnyConnect Secure Mobility client.  In the latter case, you will need both the AnyConnect Essentials license AND the AnyConnect Mobile license.

I figured the AnyConnect licensing would be a no-go based on cost, but I was shocked to find out that Cisco slashed the pricing pretty substantially since last time I looked at it (1+ yr ago).

Good luck,

Dan

0 Helpful

mlopacinski
Level 1
Level 1
In response to droberts29

‎12-11-2011 11:13 PM

For android i have options (PPTP and pure L2TP are not good choices):

L2TP/IPSec PSK

L2TP/IPSec Certificate

I could use L2TP/IPSec PSK, but ASA support it only for default tunnel-group - and i already use it for other purpose.

L2TP/IPSec Certificate on ASA is supported for any tunnel-group/group-policy.

What feature do you get when upgrading ASA to 8.4 ? You're not forced to use default tunnel-group any more ?

Thanx

0 Helpful

christian.geissler
Level 1
Level 1
In response to mlopacinski

‎01-25-2012 12:16 AM

Hello

I have (maybe) the same problem, i want to user classic Client IPSEC vpn and l2tp/IPSEC VPN (ikev1) on the same asa.

I have tried yesterday and i got the l2tp working but the client IPSEC does not work anymore, phase 1 and Xauth is working

but then there is no sa.

Do i have a config mistake or is this simple not possible?

I have 8.4.2 running

regards

Chris

0 Helpful
Customers Also Viewed These Support Documents