difference between remote access vpn and site to site VPN

mahesh18
Level 6

Need to know the difference between remote access VPN and site-to-site VPN on Cisco ASA.

How can I check from GUI or CLI if this is remote access or L2L VPN?

Accepted Solutions

Jeffrey Read
Level 1

In short:

 

Site 2 Site (L2L) VPN connects two Private Networks with an IPSec tunnel

Remote Access VPN connects a remote user to Private network with IPSec or SSL

 

If you're using AnyConnect for Remote Access you'll have usernames with attributes with a service type of "remote-access"

username frank password l4f8gs
username frank attributes
 service-type remote-access

 

A site to site VPN will have crypto maps pointing to a peer

crypto map L2L-VPN 10 set peer "IP ADDRESS"

 

Please remember to rate responses and to mark your question as answered if appropriate.

 


bern81
Level 1

Hi Mahesh,

 

Totally agree with what Jeffrey mentioned.

 

Just want to add that site to site is performed between 2 routers or 2 firewalls or a mix of them (and it is a permanent tunnel), very useful when you want 2 or more of your company branches to communicate with each other.

For your employees' laptops, you want to use remote access VPN, so they can connect to the company's internal resources when doing home office ... (you can do clientless RA VPN or AnyConnect RA client).

Better to use AnyConnect client as it offers more features.

 

Hope this helped :)

 

 

 

 

 


Many thanks for answering the Question.

zekebashi
Level 4

Hello,

 

The CLI command would depend on what platform (type of device, whether a router or ASA) you are using. One of the commands I use on the ASA to find out whether there's a STS VPN (L2L) or RA VPN (Remote Access) is to issue this command "show ipsec sa" and look under the crypto map for the "inbound esp sas\in use settings". If the

 

 in use settings ={RA, Tunnel,  NAT-T-Encaps, IKEv1,  ---> This indicates that the type of VPN is RA ( Remote Access)

  in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, } ---> This indicates that the type of VPN is STS (L2L: LAN To LAN, which means Site To Site VPN).

 

Here are some sources: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_site2site.html#28546

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-cfg-vpn-ipsec.html#GUID-3ED7166F-F328-4229-A4B6-D08C0C103E3B

 

HTH.

 

Best, ~zK
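
The "in use settings" check described in the reply above can be scripted against saved "show ipsec sa" output to inventory which tunnels are RA and which are L2L. This is an added example, not part of the original thread or any Cisco tooling; the sample output is constructed, and the map names, addresses and the "Crypto map tag:" / "current_peer:" line layout are assumptions about the ASA output format.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the "in use settings" lines quoted above.
# Addresses are documentation ranges; crypto map names are made up.
SAMPLE = """\
interface: outside
    Crypto map tag: L2L-VPN, seq num: 10, local addr: 192.0.2.1
      current_peer: 198.51.100.2
    inbound esp sas:
      spi: 0x1A2B3C4D (439041101)
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, }
    outbound esp sas:
      spi: 0x5E6F7A8B (1584364171)
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, }
    Crypto map tag: DYN-MAP, seq num: 65535, local addr: 192.0.2.1
      current_peer: 203.0.113.25, username: frank
    inbound esp sas:
      spi: 0x0BADF00D (195948557)
         in use settings ={RA, Tunnel,  NAT-T-Encaps, IKEv1, }
"""

TAG = re.compile(r"Crypto map tag:\s*([^,\s]+)")
PEER = re.compile(r"current_peer:\s*([0-9A-Fa-f.:]+)")
SETTINGS = re.compile(r"in use settings\s*=\s*\{([^}\n]*)")  # closing brace optional

def classify_sas(text):
    """Map (crypto_map, peer) -> set of SA types seen ("RA", "L2L", "UNKNOWN")."""
    found = defaultdict(set)
    tag = peer = None
    for line in text.splitlines():
        if m := TAG.search(line):
            tag, peer = m.group(1), None      # a new SA block starts here
        elif m := PEER.search(line):
            peer = m.group(1)
        elif m := SETTINGS.search(line):
            flags = [f.strip() for f in m.group(1).split(",") if f.strip()]
            kind = flags[0] if flags and flags[0] in ("RA", "L2L") else "UNKNOWN"
            found[(tag, peer)].add(kind)
    return dict(found)

def summarize(text):
    """One label per tunnel; 'MIXED' flags SAs of one tunnel that disagree."""
    return {k: (next(iter(v)) if len(v) == 1 else "MIXED")
            for k, v in classify_sas(text).items()}

if __name__ == "__main__":
    for (tag, peer), kind in summarize(SAMPLE).items():
        print(f"{str(tag):10} {str(peer):15} {kind}")
```

A result of UNKNOWN or MIXED means the first flag was not RA or L2L, or the SAs under one peer disagree, and the raw output should be read by hand.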
