I am looking for an SSL VPN solution for our company that would scale to 700+ users in the next few years. We are currently using the Aventail SSL VPN, and although it does a good job, the licenses are a bit expensive and we do have an opportunity to evaluate other solutions.
Is anyone using the Cisco SSL VPN for a somewhat large user population? Is it stable? Any input you can provide would be much appreciated… Even recommending something else.
I am very familiar with Cisco’s IPSec VPN on the ASA and concentrator, but don’t have much experience with the SSL VPN.
In regard to costs, if you are just looking to provide IPsec client replacement/full tunnel access, a license called 'AnyConnect Essentials' can be purchased. The premium SSL VPN licenses are bought on a per-user basis and provide clientless access, CSD, Endpoint Assessment, along with AnyConnect access. If you just need AnyConnect access, the 'AnyConnect Essentials' license is reduced cost and a per-box (rather than per-user) feature.
In regard to high availability, you can either cluster the ASAs together in a load-balanced fashion or go for an Active/Standby situation. There are also features like Optimal Gateway Selection and backup server lists (configured in AnyConnect profiles) that will allow for geographic backup/failover.
AnyConnect has complete feature parity with the IPsec client plus extended OS support and features.
I didn't want this to sound too much like a sales pitch, but I have seen a good number of companies running AnyConnect as their primary remote access solution (usually migrated from IPsec to AnyConnect with minimal/no disruption to users). Let us know if you have more specific questions.
Unfortunately, I do not have a specific contact for you. Within our sales organization we have specialists that should be able to answer any of those questions. I would suggest getting in contact with your local sales rep, and he/she should be able to put you in contact with the specialists.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...