[c-nsp] Cisco SSL VPN?

Tony Varriale tvarriale at comcast.net
Fri Aug 21 19:27:26 EDT 2009


Just note that it's not a requirement but you may need to...

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html

tv
----- Original Message ----- 
From: "Ryan West" <rwest at zyedge.com>
To: "Tillinger, Steve" <steve.tillinger at SourceMedia.com>; "Justin M. 
Streiner" <streiner at cluebyfour.org>; <cisco-nsp at puck.nether.net>
Sent: Friday, August 21, 2009 4:23 PM
Subject: Re: [c-nsp] Cisco SSL VPN?


> One thing to note before upgrading to 8.2+ is the increased memory 
> requirements.  If you're using a 5510, you'll want to upgrade to a 512MB 
> stick.
>
> -ryan
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tillinger, Steve
> Sent: Friday, August 21, 2009 4:58 PM
> To: Justin M. Streiner; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco SSL VPN?
>
> If you upgrade to ASA 8.2, there's an AnyConnect Essentials license which
> allows you to use the SSL client for the number of IPsec connections your
> ASA is licensed for.  This license is only around ~$100.
>
> So if you have a 5520 with 750 IPsec licenses, when you add the
> AnyConnect Essentials license, you'll be able to have 750 SSL client
> connections.
>
> This would be for the SSL fat client.  The webportal is licensed
> separately and is much more expensive.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
> Streiner
> Sent: Friday, August 21, 2009 4:22 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco SSL VPN?
>
> On Fri, 21 Aug 2009, Charles Mills wrote:
>
>> Anyone currently (successfully) using the SSL VPN on an ASA box (5520
>> or above)?
>>
>> I'm in uncharted territory with this feature and not sure if it is
>> worth going down this route.
>
> I've deployed it for a client and it seems to work pretty well, though as
> far as I know they're not doing anything terribly exotic.
>
> One important gotcha:
> The SSL VPN connections are licensed independently from IPSEC connections.
> The base license allows for only two concurrent connections at least on
> the smaller ASAs, so you might need to purchase a license upgrade if you
> want to roll it out on a larger scale.  If you do a "show version" on the
> ASA, the number of WebVPN peers is the number you need to know.
>
> Cisco has made it clear that they're moving in this direction, as they
> don't seem to be putting much new development effort into the IPSEC client
> - it doesn't support 64-bit OSen, and I doubt they'll spin many cycles
> testing Windows 7, etc...  They seem to want people to move to the
> AnyConnect (SSL VPN) model.
>
> jms
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


