[c-nsp] Cisco SSL VPN?

Tillinger, Steve steve.tillinger at sourcemedia.com
Fri Aug 21 16:56:25 EDT 2009


If you upgrade to ASA 8.2, there's a AnyConnect Essentials license which
allows you 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
Streiner
Sent: Friday, August 21, 2009 4:22 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco SSL VPN?

On Fri, 21 Aug 2009, Charles Mills wrote:

> Anyone currently (successfully) using the SSL VPN on an ASA box (5520
or above)?
>
> I'm in uncharted territory with this feature and not sure if it is
> worth going down this route.

I've deployed it for a client and it seems to work pretty well, though
as 
far as I know they're not doing anything terribly exotic.

One important gotcha:
The SSL VPN connections are licensed independently from IPSEC
connections. 
The base license allows for only two concurrent connections at least on 
the smaller ASAs, so you might need to purchase a license upgrade if you

want to roll it out on a larger scale.  If you do a "show version" on
the 
ASA, the number of WebVPN peers is the number you need to know.

Cisco has made it clear that they're moving in this direction, as they 
don't seem to be putting much new development effort into the IPSEC
client 
- it doesn't support 64-bit OSen, and I doubt they'll spin many cycles 
testing Windows 7, etc...  They seem to want people to move to the 
AnyConnect (SSL VPN) model.

jms
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

"This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution"


More information about the cisco-nsp mailing list