Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1508
Views
5
Helpful
4
Replies

SSL VPN on Nokia E6 and Blackberry as client with Cisco Router IOS?

Talha Ansari
Level 1
Level 1

‎12-22-2011 06:46 AM

Hi,

I wish to run Web VPN on a Cisco 1841 router on which a 2mbps internet is terminated.

Checked out documents related to this and I have few querries.

1) I have read that Anyconnect VPN is not supported when using WEB-VPN on Router IOS. It is only supported if Web-VPN is configured on ASA... is it correct?

2) If I wish to use SSL VPN then as per the below document I have three options.

http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a0080720346.shtml

Clientless SSL VPN (WebVPN)

Thin-Client SSL VPN (Port Forwarding)

SSL VPN Client (SVC Full Tunnel Mode)

3) I want to know whether Clientless SSL VPN and SVC full mode option is supported on nokia-e6 and blackberry? Please let me know if there is any other option available for these smartphones.

SVC full tunnel mode says that the client downloads some java applet from the VPN server... so will this applet work on nokia-e6 and blackberry or is it only compatible with end machines?

4) Since the internet terminated is only 2 mbps so what difference would a AIM-VPN/SSL-1 card can make on 1841? I understand it is for hardware acceleration for encryption/decryption but will there be a difference noticed in case ?

Regards,

Talha

Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-22-2011 07:57 AM

Talha,

1) Anyconnect (or previously SVC) is compatible with both IOS and ASA.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ssl_vpn_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1055905

2) Yes.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ssl_vpn_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1053878

Clientless - You need only browser.

Think-client - Browser plus java or activex (smart tunnel or port forwarding).

Full client - Anyconnect (forget about SVC)

3) As far as I'm aware there is no supported Anyconnect version for blackerry,

Nokia E6 Anyconnect versions should be available for download. But I would discuss with your SE whether it will work for what you're planning.

4) AIM-VPN module will add more throughput and amount of sessions it can handle.

For sizing questions please contact your SE.

Marcin

Talha Ansari
Level 1
Level 1
In response to Marcin Latosiewicz

‎12-22-2011 08:24 AM

Hi Marcin,

Thanks for your response... that did clarified a lot of things..

I think Anyconnect is not compatible if used on smartphones(including nokia-e6/iphone/bb) as a client and Cisco IOS based router as a Web-VPN server.... Anyconnect client will work for smartphones only if the VPN server is ASA?? Correct me if wrong.

Also if the clientless VPN needs only browser so web-vpn should work for any smartphone whose browser supports ssl?

Regards,

Talha

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Talha Ansari

‎12-22-2011 10:35 AM

Talha,

Anyconnect is supported on veriaty of mobile platforms including apple devices and android (via different means).

There is also anyconnect for symbian (nokia e6 should be on SYmbian no?):

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/release/notes/rn-ac2.4-symbian.html

The code should be OK to work with ASA and IOS, but as I said, I don't know what features your planning to use - it's best you discuss scaling and support with your SE.

Marcin

0 Helpful

Talha Ansari
Level 1
Level 1
In response to Marcin Latosiewicz

‎12-22-2011 09:32 PM

Yeah... e6 is symbian.. and the document you shared clearly states :

"Note : Routers running Cisco IOS do not currently support AnyConnect for Symbian."   

This is not even supported for iphone :

http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml

I cannot discuss this with SE because I m looking this for a SOHO environment.

However, my ultimate intention is to check for support of SSL-VPN on these smartphones for Cisco Router as a Web-VPN server. I understand now that Anyconnect won't work on smartphones if Cisco Router is deployed as Web-VPN server... it will work only if ASA is deployed as a Web-VPN server.

Now my only way seems to be clientless SSL-VPN. Has anyone used such a setup... I mean with Cisco router as a Web-VPN server and smartphones connecting to the server using clientless SSL VPN?

Regards,

Talha

0 Helpful
Customers Also Viewed These Support Documents