My office has been connecting to a remote VPN using the AnyConnect client. We are encountering a situation where we need to connect internet-ready devices that don't support AnyConnect to the VPN to access secure data (devices such as Smart TVs, etc.). The obvious solution is a router-to-router VPN tunnel, such that systems here don't need individual clients. Making changes at the far end is not an option.
The ASA 5505 (plus Premium Anyconnect License) has been recommended for this, but after doing some reading I'm not certain that the use case was understood - the few bits I've read about the "clientless VPN" seem to be discussing PCs without the client connecting, and the client being pushed to them. Unless I'm the one misunderstanding the discussion.
The other bit that's confusing me is this - when I look for prices on the ASA 5505, I see that any given retailer has a half-dozen sub-models with different prices. For some the difference is obvious - prebundled licences, primarily. For others, not so much. At this point, I don't know if I need a specific sub-model, or any ASA 5505 + AnyConnect Premium License.
The AnyConnect Premium license is used for clientless remote access VPN, which means the remote user (or device) accesses the VPN via a web browser and does not require any other software client (such as the AnyConnect Secure Mobility software which is used for full tunnel remote access VPN). In either case, these are fundamentally of the class known as "remote access VPN".
If you want to allow devices to connect to remote systems without using any client software (not even a browser) then you need a site-to-site VPN. That requires a firewall (such as the 5505) at your end and a configuration being put onto both it and the remote site firewall to establish a tunnel, route traffic into it, etc.
In the case of a site-to-site VPN, AnyConnect (either Premium or Essentials) is not used at all. The 5505 is very limited and you would need to add licensing in your use case primarily if you anticipate having more than 10 hosts talking to the remote site. The 5505 base license only allows 10 hosts on the inside network. You can add licenses to increase that to 50 or unlimited. You can see the various license types for the 5505 here.
I doubt we'd be able to get any specific configuration changes made on the remote firewall, though, as it belongs to a business partner, not us. That's why we were hoping to establish a tunnel via our existing AnyConnect VPN access.