[c-nsp] Cisco SSL VPN?

Tillinger, Steve steve.tillinger at SourceMedia.com
Fri Aug 21 16:58:23 EDT 2009 

If you upgrade to ASA 8.2, there's a AnyConnect Essentials license which
allows you use the SSL client for the number of IPsec connections your
ASA is licensed for.  This license is only around ~$100.

So if you have a 5520 with 750 IPsec licenses, when you add the
AnyConnect Essentials license, you'll be able to have 750 SSL client
connections. 

This would be for the SSL fat client.  The webportal is licensed
separately and is much more expensive.  

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
Streiner
Sent: Friday, August 21, 2009 4:22 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco SSL VPN?

On Fri, 21 Aug 2009, Charles Mills wrote:

> Anyone currently (successfully) using the SSL VPN on an ASA box (5520
or above)?
>
> I'm in uncharted territory with this feature and not sure if it is
> worth going down this route.

I've deployed it for a client and it seems to work pretty well, though
as 
far as I know they're not doing anything terribly exotic.

One important gotcha:
The SSL VPN connections are licensed independently from IPSEC
connections. 
The base license allows for only two concurrent connections at least on 
the smaller ASAs, so you might need to purchase a license upgrade if you

want to roll it out on a larger scale.  If you do a "show version" on
the 
ASA, the number of WebVPN peers is the number you need to know.

Cisco has made it clear that they're moving in this direction, as they 
don't seem to be putting much new development effort into the IPSEC
client 
- it doesn't support 64-bit OSen, and I doubt they'll spin many cycles 
testing Windows 7, etc...  They seem to want people to move to the 
AnyConnect (SSL VPN) model.

jms
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

"This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution"

More information about the cisco-nsp mailing list