The legacy Cisco IPsec client works with an IPsec remote access (RA) VPN.
The AnyConnect Secure Mobility client supports two types of RA VPN configurations:
1. IPsec only with IKEv2 (requires updated software and configuration to replace an IPsec IKEv1 RA VPN)
2. Full-tunnel SSL VPN
So the head end (ASA or IOS router) needs to change configuration as well if you desire to change clients.
If you deploy via a package on the headend you would use:
If you deploy as a standalone package (i.e not downloading from head end) then use:
In the case of the ISO file you need to unpackage it (I find 7-zip works nicely) and run "setup.exe" from the included files (allows you to choose from among all the modules) or just the "anyconnect-win-3.1.05170-pre-deploy-k9.msi" (VPN module only). You can also burn the ISO to a DVD or CD if you're so inclined.
Note the above files are the current releases as of 1 July 2014. Future readers of this thread will have to check for current releases.
Are we definately talking about the same thing? At the moment i am using the Cisco Systems VPN client Version 5.0.07.0290 to login and authenticate on the Cisco ASA remotely. Then i have the firewall rules in place to talk to certain servers on the network.
I was under the impression i need to move to Cisco Anyconnect soon?
Yes, migration off of the Cisco VPN client for a remote access VPN is the Cisco-recommended path for migration away from the legacy client which is discontinued and thus no longer being developed / updated for Windows 8 etc.
As Richard noted in his reply, it is separately licensed so it is more than simply changing a few configuration bits (although that is the bulk of the work and can be done in a basic way as Karthik explained in his earlier reply). There are also many many other options and enhanced fucntions one has implement on an AnyConnect-based remote access VPN that were never available on the legacy VPN client.
Adding to the marvin's points... I prefer to keep present ipsec ra VPN and additionally you can configure cisco anyconnect ra vpn on to your asa..... do all the tests.... then you can removed the old ipsec ra vpn from the appliance....
the best method is if you add the required packages on the asa appliance.... if the end users authenticates with the new ssl vpn.... they will get auto downloaded with the anyconnect vpn client to their machine and getting that installed for them..... from there they can access the internal resources as defined in your policies....
You can defined the latest versions of client packages from the cisco site for win 7/8, linux , mac etc....
Make sure that you have the required anyconnect license to support your requirement....
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...