Correct - your Smartnet on an

joelwood1 · ‎10-31-2014

have a small company with ASA5505 8.3.2/ASDM 6.4 - they would like to access their server files remotely, etc - so VPN... (right?)

(I went to school for networking but we just kinda flew through VPN configurations and specifics "because there are too many to try to teach, so you'll just learn it on the job." Now on the job, time to learn.)

Anyway, what's the best way to configure the VPN - SSL? IPSec? They want to connect windows 7 and 8 machines as well as iphones/ipads/android devices. Do you have to pay for the AnyConnect client software? There isn't a Cisco service contract for this account. What are my options? Can someone please help a guy setting up his first VPN? Thanks in advance...

Marvin Rhoads · ‎10-31-2014

No service contract hurts yo in a case like this - Smartnet on a 5505 is very inexpensive and entitles you to 24x7 Cisco TAC support.

That said, there is a VPN wizard in ASDM that does the heavy lifting for you. The type you want is SSL VPN. That will use the AnyConnect client. There isn't any cost for that software but to get the latest versions you need service contract. They update it quite regularly. A new major release (4.0) will be out later in November.

For mobile devices (iOS and Android) you will have to have the AnyConnect for Mobile license added. That runs about $100 list. Check the output of "show activation-key" to see if you have it already.

Maybe you can have them purchase both the mobile license and Smartnet support if it's needed. The license is permanent and Smartnet on a 5505 is only about US$100-200 per year depending on the current license type (i.e 10 user or unlimited). One troubleshooting session with the TAC is worth that cost.

joelwood1 · ‎11-03-2014

So, I can still get the AnyConnect client software without a service contract, but it just won't be current version? I can't find it. When I go here to download the AnyConnect there is v5.x and v4.x and v4.x is for Linux/Mac and for v5.x it says I need service contract with login. Where do I find the older windows client download?

Marvin Rhoads · ‎11-03-2014

You are looking at the legacy and deprecated Cisco VPN client when you look at the version 4 and 5 software. It is used only for IKEv1 IPsec VPNs. The Windows client is still available for download (even though the End-of-Life announcement says it shouldn't be):

http://software.cisco.com/download/release.html?mdfid=281940730&flowid=4466&softwareid=282364316&os=Windows&release=5.0.07.0440&relind=AVAILABLE&rellifecycle=&reltype=latest

AnyConnect Secure Mobility Client is currently at version 3.1 (4.0 about to come out) and is a completely different software client. It is used for SSL VPN (and IKEv2 IPsec).

joelwood1 · ‎11-03-2014

Thanks Marvin,

I'm still not getting anywhere. I guess I'm just not understanding so thanks for the patience. When I go to the link you provided and try to download I'm unable to. I get this message: (see attachement(s)).

joelwood1 · ‎11-03-2014

I contacted Cisco and turns out there aren't any versions of AnyConnect that I can get without a service contract.

Marvin Rhoads · ‎11-03-2014

Correct - your Smartnet on an ASA will entitle you to get the current AnyConnect client software in addition to TAC support for both the hardware and software.

a few questions about VPN on ASA5505