Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

different types of vpn

I am very familiar with IPSEC (site to site and remote access) vpns, but i would like to know exactly how the clientless ssl vpn and the ssl vpn client (anyconnect) work in terms of its configuration\setup and features. In what applications should this type of setup be used?

does the ssl vpn client (any clientless) require a group authentication name and a shared secret like the ipsec vpn?

Cisco Employee

Re: different types of vpn

In its most basic form, you do not need a group (all connections will land on the DefaultWebvpnGroup which is created by default, with a default config that you can modify).

However, you can also create groups (connection profiles in ASDM-lingo) and group policies, or push attributes from a Radius server just like with IPsec.

There is no group password, so by default any user can connect to any group (provided that they pass the authentication configured for that group), but there are ways to prevent this (e.g. the Radius server can specify which group a certain user can only connect to).

What happens after connecting is quite different with clientless, you may think of it more as a kind of HTTP proxy.

Anyconnect is quite similar to the ipsec client as far as usage is concerned.

I think you can find numerous examples on, e.g.



New Member

Re: different types of vpn

What about the anyconnect software, does it only support SSL? what type of setups does it support? can you pls send me an example if you have any?

also where would you use it as opposed to the clientless (webvpn)?

Cisco Employee

Re: different types of vpn

Yes Anyconnect only supports SSL at this time (this may or may not change at some point in the future).

Type of setup: you can pre-install the client on a workstation just like the ipsec client, or you can have the user download it at first use and then keep it installed, or you can have the user download it on every use.

Installation requires admin privileges though (at least on Windows, not sure about Mac and Linux) so this could be one reason to opt for clientless (e.g. for use in Internet cafe's etc.)

The same group can support both clientless and anyconnect, so the user can choose at connect time.

A good example of a basic config can be found here:

(note that in the config, anything anyconnect related still uses the lecagy name "svc" - short for SSL Vpn Client, the old name for Anyconnect).

Much more details can be found in the admin guide:



CreatePlease to create content