Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SSL VPN on ASA (Over 300+ Users)

I am looking for a SSL VPN Solution for our Company that would scale to 700+ users in the next few years.  We are currently using the Avetail SSL VPN, and although it does a good job, the licenses are a bit expensive and we do have an opportunity to evaluate other solutions.

Anyone is using the Cisco SSL VPN for somewhat large user population?  Is it stable?  Any input you can provide would be much appreciated…Even recommending something else.

I am very familiar with Cisco’s IPSec VPN on the ASA and concentrator, but don’t have much experience with the SSL VPN.

Thanks

3 REPLIES
Silver

Re: SSL VPN on ASA (Over 300+ Users)

Hi,


Anyconnect using ASAs as head end devices should be able to fit your requirements quite well.  There are a number of different models that can scale up and over 700 users.  The data sheet here will list the platform limitations for each ASA model http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html.

In regard to costs if you are just looking to provide ipsec client replacement/full tunnel access a license called 'Anyconnect essentials' can be purchased.  The premium sslvpn licenses are bought on a per-user basis and provide clientless access, CSD, Endpoint assessment, along with Anyconnect access.  If you just need Anyconnect access the 'Anyconnect essentials' license is reduce cost and a per box (rather than per user) feature.

In regards to high availability you can either cluster the ASAs together in a load balance fashion or go for a Active/Standy situation.  There are also features like Optimal Gateway Selection and backup server lists (configured in Anyconnect profiles) that will allow for geographic backup/failover.

The anyconnect has complete feature parity with the ipsec client plus extended OS support and features.

I didn't want this to sound too much like a sales pitch but I have seen a good number of companies running Anyconnect as their primary remote access solution (usually migrated from the ipsec to Anyconnect with minimal/no distruption to users).  Let us know if you have more specific questions.

-Jay

Community Member

Re: SSL VPN on ASA (Over 300+ Users)

Thanks Jay!  I have a bunch of other question..Who in Cisco I can talk to about this?

Thanks

Silver

Re: SSL VPN on ASA (Over 300+ Users)

Isalem,

Unfortunately I do not have a specific contact for you.  Within our sales organization we have specialist that should be able to answer any of those questions.  I would suggest getting in contact with your local sales rep and he/she should be able to put you in contact with the specialists.

-Jay

451
Views
4
Helpful
3
Replies
CreatePlease to create content