Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1059
Views
0
Helpful
2
Replies

891F VPN for remote employees

Go to solution
Vifilio
Level 1
Level 1

ā€Ž11-28-2018 09:51 AM

We recently purchased a 891F router for our new fiber connection. This was a recommendation from our fiber provider. Never having dealt with Cisco IOS before, we eventually were able to mange the setup via CLI and are very happy about the performance. Now we would like to leverage its VPN capabilities but ran into several issues. 

 

It's unclear whether we

1. ... need any license for providing access to remote employees working on Mac and Windows desktops?

2. ... which client to use, AnyConnect or native OS? SSL or IPSEC?

3. ... do we need to activate any license on 891F server? (Our version is 15.3)

4. ... how many remote users are supported? There appears to be different info on the web ranging from 10, to 50 all up to 100.

5. ... what is the right configuration? I read easyvpn for site-to-site but then some folks appear to use this with EOL EasyVPN client for remote access.

 

It would be great if someone could help me understand what is needed and where to obtain any potential licenses needed.

 

Thanks in advance,

Vifilio

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

ā€Ž11-28-2018 10:06 AM

Hi,

FlexVPN is probably the best solution that meets your needs, this can be used for both Site-to-Site and Remote Access VPN. The Remote Access VPN is an IPSec based VPN not a SSL-VPN. This link has examples for various different FlexVPN configurations.

 

In regard to licensing, if you are using AnyConnect you would need AnyConnect licenses, contact your reseller for more information.

 

The 800 series datasheet recommended upto 50 users, but I guess it depends what features you are running in addition to VPNs, this may impact performance.

 

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

ā€Ž11-28-2018 10:06 AM

Hi,

FlexVPN is probably the best solution that meets your needs, this can be used for both Site-to-Site and Remote Access VPN. The Remote Access VPN is an IPSec based VPN not a SSL-VPN. This link has examples for various different FlexVPN configurations.

 

In regard to licensing, if you are using AnyConnect you would need AnyConnect licenses, contact your reseller for more information.

 

The 800 series datasheet recommended upto 50 users, but I guess it depends what features you are running in addition to VPNs, this may impact performance.

 

HTH

0 Helpful

Go to solution
Vifilio
Level 1
Level 1
In response to Rob Ingram

ā€Ž11-28-2018 11:58 AM

Thanks a bunch for the pointer to FlexVPN and IPSEC IKEv2 option. From everything I have read now it appears the only way to connect properly from Mac is to use AnyConnect client. I also came across the following helpful presentation that seems to confirm

 

https://technodocbox.com/Internet_Technology/70236896-Vpn-remote-access-with-ios-introduction-to-flexvpn.html

 

In addition, I just obtained a demo license for our router and will go ahead trying to setup a remote VPN. I will come back to this thread in case I succeed or have more questions. In the meantime, any help in router configuration is much appreciated.

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents