New Member

Cisco Anyconnect and IPSEC vpn coexist on ASA 5520?

Can a Cisco ASA 5520 that has been configured as an IPSEC VPN gateway and servicing IPSEC vpn clients also be configured as an ANYCONNECT VPN gateway and service anyconnect vpn clients simultaneously? Any negative impacts on performance or any other issues that anyone is aware of?

7 REPLIES
Cisco Employee

Raj,

This is perfectly acceptable and there are no adverse performance or effects. Lots of companies (including my own) do this.

--Jason

New Member

I currently have the ASA 5510 configured this way, 8.0(4). One thing that I can't find an answer for is if both clients can use LDAP. I have the anyconnect client using LDAP, but limited by the 2 connection limit. I am hoping to use the 5.0.07 client with LDAP and not have that limitation. Does anybody know if that works?

New Member

Thanks for the reply, we are trying to connect IPADs to our corporate network and wanted to use Anyconnect for that. We currently use LDAP on the IPSEC vpn side for our windows machines for username/password. I plan on using LDAP with anyconnect for the IPADs as well so yeah, if anyone knows of any limitation with this or if this will not work, that information would be greatly appreciated.

Cisco Employee

I assume by 2 connection limit you are referring to the 2 licenses for anyconnect? You should investigate using the anyconnect essentials license, which is relatively cheap (100-200 dollars I think) and will allow you to go to the platform limit with anyconnect.

You shouldn't have any issue using the IPSEC client with LDAP. This is quite common - my company does both IPSEC and Anyconnect off the same interface using ldap authentication (even the same group-policy) for both.

--Jason

New Member

Thanks Jason. Appreciate the help.

Raj

New Member

As a follow up, I was just missing one command to make LDAP work with the IPSEC 5.x client. I had to enable user authentication on the tunnel group: no isakmp ikev1-user-authentication none. Once that was done, a box pops up after the initial connection for your AD user name and password. I am checking into the AnyConnect Essential Licensing too to get beyond the 2 connection limit. I was quoted a one-time fee of about $2k for a 25 user license.

Thanks,

Kyle
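
Added example (not part of the thread, and not Cisco's tooling): a small audit over a saved running-config that reports remote-access tunnel groups where the setting from the post above, isakmp ikev1-user-authentication none, leaves IPsec clients on the pre-shared key alone, or where no authentication-server-group is set. The group and server names and the config text are constructed, and the script assumes that when the line is absent user authentication is on, as the "no" form in the post implies.

```python
import re

# Constructed sample in the ASA 8.0 syntax used in the thread; names are hypothetical.
SAMPLE_CONFIG = """\
tunnel-group IPSEC-USERS type remote-access
tunnel-group IPSEC-USERS general-attributes
 authentication-server-group LDAP-AD
tunnel-group IPSEC-USERS ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
tunnel-group ANYCONNECT-USERS type remote-access
tunnel-group ANYCONNECT-USERS general-attributes
 authentication-server-group LDAP-AD
tunnel-group LEGACY type remote-access
tunnel-group LEGACY ipsec-attributes
 pre-shared-key *
"""

HEADER = re.compile(r"^tunnel-group (\S+) (type (\S+)|general-attributes|ipsec-attributes)\s*$")

def audit_tunnel_groups(config):
    """Return {group: [findings]} for remote-access tunnel groups that have a finding."""
    groups, current, out = {}, None, {}
    for line in config.splitlines():
        m, words = HEADER.match(line), line.split()
        if m:
            name, section, gtype = m.groups()
            g = groups.setdefault(name, {"type": None, "server": None, "xauth_off": False})
            g["type"] = gtype or g["type"]
            current = None if gtype else (g, section)
        elif not line.startswith(" ") or not words:
            current = None  # any other top-level line ends the sub-block
        elif current:
            g, section = current
            if section == "general-attributes" and words[0] == "authentication-server-group":
                g["server"] = " ".join(words[1:])
            elif section == "ipsec-attributes" and words[:2] == ["isakmp", "ikev1-user-authentication"]:
                g["xauth_off"] = words[-1] == "none"
    for name, g in groups.items():
        issues = [msg for bad, msg in (
            (g["xauth_off"], "IPsec user authentication disabled (pre-shared key only)"),
            (g["server"] is None, "no authentication-server-group configured"),
        ) if bad]
        if g["type"] == "remote-access" and issues:
            out[name] = issues
    return out

if __name__ == "__main__":
    print(audit_tunnel_groups(SAMPLE_CONFIG))
```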

New Member

It was recommended we use the Premium licenses instead of the Essentials but I am researching the differences. So far it looks like the premium is needed if you ever want to use the clientless features of the ASA.

Brent
