12-07-2011 03:11 AM - edited 02-21-2020 05:45 PM
Hello
I plan to update from cisco ipsec vpn to ssl vpn.
I want to buy: AnyConnect Essentials license.
I found some information:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494.html
I do not need web vpn or secure desktop or any other security feature (ironport, NAC and others).
From this documents i assume that i need to buy only essentials license to have klient anyconnect access from all devices (including android Anyconnect Secure Mobility Client).
But....i found also:
and it's written:
[code]
AnyConnect for Android connections require the following licenses on the ASA:
•One of the following AnyConnect core license options:
–Cisco AnyConnect Essentials license (L-ASA-AC-E-55XX=), sufficient for ASA Release 8.2 or later.
–Cisco AnyConnect Premium Clientless SSL VPN Edition license (L-ASA-AC-SSL-YYYY=), required for ASA Releases 8.0(3) or later.
•AnyConnect Mobile license (L-ASA-AC-M-55XX=).
[/code]
So what do i need ? And what about apple iphone/ipad access ? Again: i do not need any security feature, just pure vpn access.
Thanx
12-09-2011 10:46 AM
I just went through evaluating this myself.
For iPhone access, the native VPN client built into iOS will connect to the ASA using IPsec VPN just fine.
For Android, you have two choices.. you can either upgrade your ASA to 8.4 and use the Android's native IPsec VPN functionality, or you can use the Cisco AnyConnect Secure Mobility client. In the latter case, you will need both the AnyConnect Essentials license AND the AnyConnect Mobile license.
I figured the AnyConnect licensing would be a no-go based on cost, but I was shocked to find out that Cisco slashed the pricing pretty substantially since last time I looked at it (1+ yr ago).
Good luck,
Dan
12-11-2011 11:13 PM
For android i have options (PPTP and pure L2TP are not good choices):
L2TP/IPSec PSK
L2TP/IPSec Certificate
I could use L2TP/IPSec PSK, but ASA support it only for default tunnel-group - and i already use it for other purpose.
L2TP/IPSec Certificate on ASA is supported for any tunnel-group/group-policy.
What feature do you get when upgrading ASA to 8.4 ? You're not forced to use default tunnel-group any more ?
Thanx
01-25-2012 12:16 AM
Hello
I have (maybe) the same problem, i want to user classic Client IPSEC vpn and l2tp/IPSEC VPN (ikev1) on the same asa.
I have tried yesterday and i got the l2tp working but the client IPSEC does not work anymore, phase 1 and Xauth is working
but then there is no sa.
Do i have a config mistake or is this simple not possible?
I have 8.4.2 running
regards
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide