VPN choices

ASA 5505. Need to set up remote access for home users, and really need some help deciding which method to implement. CSD, WebVPN, Citrix, Cisco VPN client??? With 25 IPSec VPN peers and 2 SSL VPN peers, are there limitations to which method I choose?

Thanks for any responses, Bill

Re: VPN choices

Bill,

It would depend on what services you have to supply for the remote users. Also on what your IT security policy dictates on remote access.

CSD - that is tied into the WebVPN, you only have 2 licenses as standard so you would need to buy more.

Citrix - are you talking about the Java Plugin, if so - that is also tied into WebVPN...license!

WebVPN - yep, been there!

VPN Client - for me a good all round solution, depends on what you want it to do.

Overall we use the Cisco Client, it's granular - we have internal people using it, we have external 3rd parties using it.

HTH.

Re: VPN choices

Well, we are looking to provide remote desktop to about 10 users. Pretty much free to do whatever I want as far as the policies go.

My thoughts were to either use the VPN client, then an internal IP to a Citrix box (that is what we do now with Checkpoint), or use WebVPN and Citrix web client with a public IP. With only two SSL licenses, does that mean only two users can connect? Not sure exactly how the SSL licenses work.

As far as the VPN client; having to set up IP pools - how would I handle users that travel?

Thanks for your time, Bill

Re: VPN choices

Bill,

Lucky you!!

You get 2 SSL licenses free of charge - and yes only 2 users can connect at any one time. You also have to wait for the session to timeout/clear when one of the users disconnects - not great. You buy them in 10, 25, 50, 100 packs - not sure of the pricing!

You can set up IP pools for the VPN users, you would handle them the same way. They get an internet connection and fire up the VPN client and connect. They don't do anything different.

To give you an idea - I have 2500 remote users, at any one time I have 250 people connected into my core ASA in London. I have Avaya remote VPN phones, that are deployed all over the world - they also connect into my core - separate IP pools for separate VPN profiles. I have a VPN phone that is in Boston/US - that connects into London :o)

Re: VPN choices

Andrew,

Thanks for the insight. I think I was misunderstanding what the IP pool does. I thought it was a list of IP addresses that are allowed to connect to the VPN, but I think that I understand now that the IP pool is just the (private) IP addresses that are assigned to a client once a VPN connection is established?

Thanks again for your time, Bill

Re: VPN choices

Bill,

That is correct - just the IP addresses allocated to the remote users.

HTH.

Re: VPN choices

Actually my statement:-

"You also have to wait for the session to timeout/clear when one of the users disconnects - not great" got me thinking - so I went back to my WebVPN config and found this little nugget:-

default-idle-timeout ##

##=seconds.

No more waiting for 30mins for the session to time out!
