[c-nsp] Cisco SSL VPN?
Ge Moua
moua0100 at umn.edu
Fri Aug 21 17:48:52 EDT 2009
We've used this free IPSec 64-bit Windows client for the Cisco VPN:
http://www.shrew.net/
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Eric Girard wrote:
> Something relatively recent that makes the lack of 64-bit support much more palatable is the new Essentials license. It needs 8.2 code, but for short money it gives you AnyConnect client only SSL VPN support for the max number of tunnels supported by the box. It restores the cost/benefit of the old IPSec client.
>
> Beyond that, to add to what Justin said, nothing fancy, it pretty much works, similar to the old IPSec client. I tend to stay away from the clientless and Java client stuff, just stick to the AnyConnect.
>
> Eric
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M. Streiner
> Sent: Friday, August 21, 2009 4:22 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco SSL VPN?
>
> On Fri, 21 Aug 2009, Charles Mills wrote:
>
>
>> Anyone currently (successfully) using the SSL VPN on an ASA box (5520 or above)?
>>
>> I'm in uncharted territory with this feature and not sure if it is
>> worth going down this route.
>>
>
> I've deployed it for a client and it seems to work pretty well, though as
> far as I know they're not doing anything terribly exotic.
>
> One important gotcha:
> The SSL VPN connections are licensed independently from IPSEC connections.
> The base license allows for only two concurrent connections at least on
> the smaller ASAs, so you might need to purchase a license upgrade if you
> want to roll it out on a larger scale. If you do a "show version" on the
> ASA, the number of WebVPN peers is the number you need to know.
>
> Cisco has made it clear that they're moving in this direction, as they
> don't seem to be putting much new development effort into the IPSEC client
> - it doesn't support 64-bit OSen, and I doubt they'll spin many cycles
> testing Windows 7, etc... They seem to want people to move to the
> AnyConnect (SSL VPN) model.
>
> jms
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list