Product Selection sanity check

Chris B
Level 1

Here's my use case:

My office has been connecting to a remote VPN using the AnyConnect client.  We are encountering a situation where we need to connect internet-ready devices, that don't support AnyConnect, to the VPN to access secure data (devices such as Smart TVs, etc.)  The obvious solution is a router-to-router VPN tunnel, such that systems here don't need individual clients.  Making changes at the far end is not an option.

The ASA 5505 (plus Premium Anyconnect License) has been recommended for this, but after doing some reading I'm not certain that the use case was understood - the few bits I've read about the "clientless VPN" seem to be discussing PCs without the client connecting, and the client being pushed to them.  Unless I'm the one misunderstanding the discussion.

The other bit that's confusing me is this - when I look for prices on the ASA 5505, I see that any given retailer has a half-dozen sub-models with different prices.  For some the difference is obvious - prebundled licences, primarily.  For others, not so much.  At this point, I don't know if I need a specific sub-model, or any ASA 5505 + AnyConnect Premium License.

3 Replies

Marvin Rhoads
Hall of Fame

The AnyConnect Premium license is used for clientless remote access VPN which means the remote user (or device) accesses the VPN via a web browser and does not require any other software client (such as the AnyConnect Secure Mobility software which is used for full tunnel remote access VPN). In either case, these are fundamentally of the class known as "remote access VPN".

If you want to allow devices to connect to remote systems without using any client software (not even a browser) then you need a site-to-site VPN. That requires a firewall (such as the 5505) at your end and a configuration being put onto both it and the remote site firewall to establish a tunnel, route traffic into it, etc.

In the case of a site-to-site VPN, AnyConnect (either Premium or Essentials) is not used at all. The 5505 is very limited and you would need to add licensing in your use case primarily if you anticipate having more than 10 hosts talking to the remote site. The 5505 base license only allows 10 hosts on the inside network. You can add licenses to increase that to 50 or unlimited. You can see the various license types for the 5505 here.

Thank you very much for clarifying that.

I doubt we'd be able to get any specific configuration changes made on the remote firewall, though, as it belongs to a business partner, not us.  That's why we were hoping to establish a tunnel via our existing AnyConnect VPN access.

Sounds like it's "Back to the drawing board."

You're welcome.

Please rate useful answers and mark your question as answered when it has been.
