Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
2
Replies

Anyconnect Questions

Go to solution
Ed Willson
Level 1
Level 1

‎12-06-2012 06:40 PM

I'm trying to move away from the IPSEC VPN Client to the Anyconnect client. I've got two big question topics that I need answered:

1: I'd like to explore the always on VPN. Is that included with the essentials licence, or is it an add-on? Also what happens when a user logs on and has no internet connection? Will it prompt to connect directly after they connect to something?

2: Login scripts - Can the Anyconnect client run a script post connection? Currently they (users) are doing this manually, and many don't bother.

Bonus Question: Currently the VPN access is a split tunnel, so internet traffic is un-filtered off-site. How loud did the users scream when you went from a split tunnel to fully tunneled?

Thanks,

    Taemyks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎12-10-2012 09:41 PM

Here is more information on "Always-on" feature:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html#wp1205144

1. Always on VPN requires either AnyConnect Essentials + secure Mobility license, OR/ Premium license:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#wp58017

2. Yes, more information as follows:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html#wp1068902

Bonus question:

it really depends on how busy your VPN headend (ASA) site is, and remember that depending on where the user is, all traffic will traverse all the way back to headend to internet, back to headend, and gets encrypted back to the vpn client. If users are going overseas, that would impact the most normally. But it really again depends on how busy your VPN server is.

Hope this helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎12-10-2012 09:41 PM

Here is more information on "Always-on" feature:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html#wp1205144

1. Always on VPN requires either AnyConnect Essentials + secure Mobility license, OR/ Premium license:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#wp58017

2. Yes, more information as follows:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html#wp1068902

Bonus question:

it really depends on how busy your VPN headend (ASA) site is, and remember that depending on where the user is, all traffic will traverse all the way back to headend to internet, back to headend, and gets encrypted back to the vpn client. If users are going overseas, that would impact the most normally. But it really again depends on how busy your VPN server is.

Hope this helps.

0 Helpful

Go to solution
Ed Willson
Level 1
Level 1
In response to Jennifer Halim

‎12-11-2012 07:59 PM

Proper answer. Thanks! I got pricing back for the premium license and choked. I was looking at the shared rather than primary.

I went with essentials instead and am writing a (windows) service that monitors connections and adjusts firewall rules to make the client act like it's always on.

Thanks,

   Taemyks

0 Helpful
Customers Also Viewed These Support Documents