cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

1614
Views
5
Helpful
4
Replies
Frequent Contributor

difference between remote access vpn and site to site VPN

need to know the difference between 

 

difference between remote access vpn and site to site VPN on cisco ASA

 

how can i check from GUI or CLI if this is remote access or L2l VPN?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Beginner

Re: difference between remote access vpn and site to site VPN

In short:

 

Site 2 Site (L2L) VPN connects two Private Networks with an IPSec tunnel

Remote Access VPN connects a remote user to Private network with IPSec or SSL

 

If your using anyconnect for Remote Access you'll have Usernames with attributes with a service type of "remote-access"

username frank password l4f8gs

username frank attributes

 service-type remote-access

 

A site to site VPN will have crypto maps pointing to a peer

crypto map L2L-VPN 10 set peer "IP ADDRESS"

 

Please remember to rate responses and to mark your question as answered if appropriate.

 

View solution in original post

Beginner

Re: difference between remote access vpn and site to site VPN

Hi Mahesh,

 

Totally agree with what Jefrey mentioned.

 

Just want to add that Site to site is performed between 2 routers or 2 firewalls   or mixed between them ( and it is a permanent tunnel), very usefull when you want to communicate 2 or more of your company branches together.

 

For your employees laptop, you want to use Remote access VPN , so they can connect to companies internal ressources when doing home office ... ( you can do clienteless RA VPN or Anyconnect RA client).

Better to use Anyconnect client as it offers more features.

 

Hope this helped :)

 

 

 

 

 

View solution in original post

4 REPLIES 4
Beginner

Re: difference between remote access vpn and site to site VPN

In short:

 

Site 2 Site (L2L) VPN connects two Private Networks with an IPSec tunnel

Remote Access VPN connects a remote user to Private network with IPSec or SSL

 

If your using anyconnect for Remote Access you'll have Usernames with attributes with a service type of "remote-access"

username frank password l4f8gs

username frank attributes

 service-type remote-access

 

A site to site VPN will have crypto maps pointing to a peer

crypto map L2L-VPN 10 set peer "IP ADDRESS"

 

Please remember to rate responses and to mark your question as answered if appropriate.

 

View solution in original post

Beginner

Re: difference between remote access vpn and site to site VPN

Hi Mahesh,

 

Totally agree with what Jefrey mentioned.

 

Just want to add that Site to site is performed between 2 routers or 2 firewalls   or mixed between them ( and it is a permanent tunnel), very usefull when you want to communicate 2 or more of your company branches together.

 

For your employees laptop, you want to use Remote access VPN , so they can connect to companies internal ressources when doing home office ... ( you can do clienteless RA VPN or Anyconnect RA client).

Better to use Anyconnect client as it offers more features.

 

Hope this helped :)

 

 

 

 

 

View solution in original post

Highlighted
Frequent Contributor

Re: difference between remote access vpn and site to site VPN

Many thanks for answering the Question.

Enthusiast

Re: difference between remote access vpn and site to site VPN

Hello,

 

The CLI command would depend on what platform(type of device whether a router or ASA) you are using. One of the commands I use on the ASA to find out whether there's a STS VPN (L2L) or RA VPN (Remote Access)  is to issue this command "show ipsec sa" and look under teh crypto map for the "inbound esp sas\in use settings". If the

 

 in use settings ={RA, Tunnel,  NAT-T-Encaps, IKEv1,  ---> This indicates that the type of VPN is RA ( Remote Access)

  in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, } ---> This indicates that the type of VPN is STS (L2L: LAN To LAN, which means Site To Site VPN).

 

Here's some sources: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_site2site.html#28546

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-cfg-vpn-ipsec.html#GUID-3ED7166F-F328-4229-A4B6-D08C0C103E3B

 

HTH.

 

Best, ~zK

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here