Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
4
Replies

ASA 5510 SSL VPN questions

brenteverett
Level 1
Level 1

‎11-29-2010 08:05 AM

Hello!  I happen to have a spare ASA5510 laying around and was thinking of repurposing

it for a SSL VPN portal.  Here's the info on the device:

ASA5510-K8 with the Security Plus license, running ASA 7.0(6) wiht asdm 5.0(6) - I'm working on upgrading this to the latest version

I know I'll need to license some clients but what else will I need to do to use this device in this role?  Is the security plus license enough I do I need to look at something different?  It will be  a smallish deployement for 10-25 users (maybe 15 concurrently), will this work for that?

Thanks!

Labels:
0 Helpful
4 Replies 4

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-29-2010 09:27 AM

Hi,

The security plus is to enhance some features on the ASA (amount of IPsec VPNs for example).

The ASA comes with 2 SSL connections permitted.

To allow more SSL connections you requiere a license.

There are also different licenses depending if you want the AnyConnect or client-less SSLs with advanced features like Secure Desktop.

Check this for more information:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html

Hope it helps.

Federico.

0 Helpful

brenteverett
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-29-2010 09:45 AM

What would the difference between the

two licensed features be?  (anyconnect and ssl vpn)

I don't have clear direction on what's expected out of this but up front they just want to be able to access resources on the network as if they were there (i.e. file shares, printers, exchange, etc).  I wouldn't mind having the capabilities of expanding it out further for vendor / vistor access to files etc (save on the huge emails) if that's possible.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to brenteverett

‎11-29-2010 09:50 AM

SSL VPN comes in two ways:

Clientless or Client-based

Clienless is without any client on the remote computer (just using a browser).

It provides limited access to the internal network through a web portal for TCP applications.

Clientbased is having the AnyConnect software client installed on the remote computer that allows full access as an IPsec VPN client connection (no limits, all IP traffic)

Federico.

0 Helpful

brenteverett
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-29-2010 11:37 AM

Ok,

I appreciate your responsiveness to all this but I have more questions

     - Can you license it for both types of clients (like a catch all license)?

     - Are the licenses concurrent? (i.e. I might have 25 people that need access to the resources however only say 15ish at a time)

     - Are the licenses per seat? (i.e. not tied to one person)

Thanks for your help!

0 Helpful
Customers Also Viewed These Support Documents