ASA 5505. Need to setup remote access for home users, and really need some help deciding which method to implement. CSD, WebVPN, Citrix, Cisco VPN client??? With 25 IPSec VPN peers and 2 SSL VPN peers, are there limitations to which method I choose?
Well, we are looking to provide remote desktop to about 10 users. Pretty much free to do what ever I want as far as the policies go.
My thoughts were to either use the VPN client, then an internal IP to a citrix box (that is what we do now with Checkpoint), or use WebVPN and citrix web client with a public IP. With only two SSL licenses, does that mean only two users can connect? Not sure exactly how the SSL licenses work.
As far as the VPN client; having to setup IP pools - how would I handle users that travel?
You get 2 SSL licenses free of charge - and yes only 2 users can connect at anyone time. You also have to wait for the session to timeout/clear when one of the users disconnects - not great. You buy them in 10,25,50,100 packs - not sure of the pricing!
You can setup IP pools for the VPN users, you would handle them the same way. They get and internet connection and fire up the VPn client and connect. They don't do anything different.
To give you an idea - I have 2500 remote users, at anyone time I have 250 people connected into my core ASA in London. I have Avaya remote VPN phones, that are deployed all over the world - they also connect into my core - sperate IP pools for sperate VPN profiles. I have a VPN phone that is in Boston/US - that connects into London :o)
Thanks for the insight. I think I was misunderstanding what the IP pool does. I thought it was a list of IP address that are allowed to connect to the VPN, but I think that I understand now that the IP pool is just the (private) IP address that are assinged to a client once a VPN connection is established?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :