Cisco Support Community
Community Member

Want to install an ASA but curious about VPN connectivity

We currently have our database exposed so external employees can use our application that connects to it. I want to put a security appliance in place that will allow the clients to get a VPN to our office and use the program through that tunnel. What I am wondering about is whether or not the clientless SSL part of the Cisco ASA 5510 will do it. I want it to have little to no interference with their current method of operation. I know that IPSec requires a program to be installed and then run each time they want to connect to the office. I tried searching around for information on how the SSL connectivity works, but can't find anything that truly explains it.

I was looking at the ASA 5510 because this office currently has no firewall in place, just a Cisco router that opens ports on specific servers. Also, because we have about 15 external employees that will need to connect. I wanted the 5510 just incase the number of external employees grows past 25.

I guess my concern is this: What would the employees need to do to connect to our office and create a VPN tunnel for the application to work? From the little information I got about the SSL version, it only exposes some network shares, not necessarily a database, is this correct? I understand the 5510 comes with 250 IPSec peers, so there would be no additional cost, while it only comes with 2 SSL peers and would need licenses for any additional ones.



Re: Want to install an ASA but curious about VPN connectivity


As a summary...

The IPsec VPN requires a client installed on the machine and it provides full connectivity.

The SSL can provide a client (that the ASA will install on the client machine named AnyConnect) and it will also provide full connectivity.

The clientless SSL provides a web portal to access several TCP applications (no full connectivity).

There's a nice feature SmartTunnels for clientless SSL also.

The ASA by default will support only 2 SSL connections (you should increase that with a license).


CreatePlease to create content