Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
3
Replies

Anyconnect client?

Andy White
Level 3
Level 3

‎12-14-2010 02:34 AM - edited ‎02-21-2020 05:01 PM

Hello,

I want to move away from getting users to use the Cisco VPN client and use something like Anyconnect (or SSL).  I wondered if someone can answer these questions regarding Anyconnect?  We are using an ASa 5520.

1.)  What license pack would I need on my ASA 5520?

2.)  Is Anyconnect the java based client which can be un-installed automatically after disconnecting?

3.) With the Cisco VPN client I use many profiles for different departments, how can I make sure I keep this using Anyconnect?  For example if you are in Sales and you login using your Active Directory username and password you get eh correct pool range?  I use these pool ranges to control access via access lists.

Thanks

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-14-2010 07:02 AM

Hi Andy,

1) There are different licenses depending if you want AnyConnect or clientless SSL and/or advanced features like Secure Desktop.
2) Yes
3) You can still use different profiles if using Radius or LDAP.

You can check this link for more complete information:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html

Federico.

0 Helpful

Andy White
Level 3
Level 3
In response to Federico Coto Fajardo

‎12-14-2010 07:10 AM

Thanks,

What is your preferred method to give the user and admin guy the most flexibility?

Cheers

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Andy White

‎12-14-2010 07:21 AM

For flexibility you can have the ASA accept both clientless and AnyConnect SSL connections.
The AnyConnect can be injected via the SSL connection and automatically deleted when finished, however the AnyConnect requires
admin rights on the PC for installation (it can be kept in the PC installed).
For users not requiring full network access, the clientless is a better option to provide a web portal for TCP applications.
For users that require a full network feel like the Cisco IPsec client, the AnyConnect is the way to go.
For clientless you can enable Port Forwarding and Smart Tunnels to increase functionality.
You can also have Secure Desktop and DAP for increase security.
There's a license for mobile clients as well.

Federico.

0 Helpful
Customers Also Viewed These Support Documents