06-09-2009 09:45 AM - edited 02-21-2020 04:15 PM
Hello everyone.
We currently have our ASA 5510 setup for IPSec VPN connectivity. We have some 64bit Vista users and since the Cisco client does not support 64bit Vista we opted to try to setup our ASA 5510 with Anyconnect.
My question is. Since we currently have IPSec VPN setup, can we also have the SSL VPN setup with AnyConnect?
(i'm not a cisco router person, so please excuse my inexperience)
Thanks :)
06-09-2009 10:13 AM
My question is. Since we currently have IPSec VPN setup, can we also have the SSL VPN setup with AnyConnect?
Brien, yes.. you can have both Ipsec VPN for your regular cisco vpn clients, SSL for Web VPN, and/or SSL Annyconnect client. You can have all these two VPN technologies running in your firewall.
Best thing is to go to this link and take a quick tour of SSL VPN technology.
SSL/IPsec VPN Services for the Cisco ASA Series
http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/asa_ssl.html
Details in SSL licensing - by default ALL ASA comes with two FREE SSL licenses, that will provide 2 SSL concurrent connections , that is two users using WebVPN or Annyconnect, if you need more than two SSL connections you have to purchase more licenses.
Clientless SSL VPN (WebVPN)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
See SSL VPN/Web VPN mid page down to learn different types of WebVPN/Annyconnect deployment scenarios
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
Regards
06-09-2009 10:24 AM
Is there anywhere I can check in our ASA to see if we have more SSL licenses?
Two licenses will limit the 4 or so 64bit users we have.. But if that's how it has to be we can schedule their VPN time.
Thanks for the info.. i'm looking through it now :)
Brian
06-09-2009 10:26 AM
Do show version , and look for SSL VPN peers.
example on asa5505:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 25
Dual ISPs : Enabled
VLAN Trunk Ports : 8
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
[edit]
Two licenses will limit the 4 or so 64bit users we have.. But if that's how it has to be we can schedule their VPN time.
I guess you could do that SSL vpn scheduling, you could actually schedule SSL vpn connection time in the tunnel profile per user .., unfortunately you cannot buy additional 2 SSL licenses, they are sold as bulk of 25, 50, and so on...
06-09-2009 11:39 AM
Thanks for the info..
It looks like we only have the 2 default SSL licenses.
Seems we will be having a Cisco guru here in the next week or so to check over our current config and see how it meets our needs.
Thanks for your time, it helped :)
06-09-2009 12:36 PM
You're welcome.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide