Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1837
Views
0
Helpful
2
Replies

Migrating from VPN Client 5 to AnyConnect

Go to solution
Martin Hruby
Level 1
Level 1

‎12-01-2015 12:21 AM - edited ‎02-21-2020 08:34 PM

Dear community

We are in the process of migrating from the old Cisco VPN Client 5 to Cisco AnyConnect.

I have a couple of ASA-5510 running 9.1(1) code with a Base license, and in current setup all remote users log into the VPN using standard IKE/IPSec methods from their laptops (no split tunneling, nothing fancy). The VPN Client currenly has a profile which is imported into each user's laptop and has a pre-shared key stored, the solution works fine.

Management decided to go for the Plus version of AnyConnect, rather than Apex which I believe satisfies all our requirements (overview here: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/feature/guide/anyconnect40features.html).

I have three questions about migrating from VPN Client to AnyConnect:

1) currently my ASA shows that AnyConnect is disabled (see attached screenshot of show version). Do I need to upgrade the license on my ASA? If so does that come with AnyConnect or do I need to order it separately?

2) is it possible to use the VPN profile from VPN Client with AnyConnect or do I need to create a new one?

3) can someone direct me to a configuration guide for remote access VPN using the AnyConnect client rather than the old VPN Client? Are there any caveats / gotchas I should be aware of?

Thanks a lot!

Best regards,
Martin

Labels:
Preview file
19 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-01-2015 12:39 AM

1. Ordering the AnyConnect Plus license will get you a PAK that you can redeem in the self-serivce portal to get an activation key for your ASA. (You will need the ASA serial number as well.) That will enable AnyConnect "Essentials" (old name for Plus feature set (which now includes Mobile), more or less) and allow you to run the "anyconnect-essentials" command.

2. The old style IPsec profiles do not convey to new SSL VPN ones.

3. There are many many of these out there. If you're new to it, you may find Pete Long's how-to blog posting useful:

http://www.petenetlive.com/KB/Article/0000069.htm

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-01-2015 12:39 AM

1. Ordering the AnyConnect Plus license will get you a PAK that you can redeem in the self-serivce portal to get an activation key for your ASA. (You will need the ASA serial number as well.) That will enable AnyConnect "Essentials" (old name for Plus feature set (which now includes Mobile), more or less) and allow you to run the "anyconnect-essentials" command.

2. The old style IPsec profiles do not convey to new SSL VPN ones.

3. There are many many of these out there. If you're new to it, you may find Pete Long's how-to blog posting useful:

http://www.petenetlive.com/KB/Article/0000069.htm

0 Helpful

Go to solution
Martin Hruby
Level 1
Level 1
In response to Marvin Rhoads

‎12-08-2015 10:31 PM

Thanks Marvin

That's very helpful.

Best regards,
Martin

0 Helpful
Customers Also Viewed These Support Documents