11-11-2010 06:02 AM - edited 02-21-2020 04:58 PM
Hi,
I am a bit confused. What's the difference between the AnyConnect Essential (L-ASA-AC-E-5510=) and SSL VPN (L-ASA-SSL-PR-25=) licenses? I am trying to serve the following goals and am a bit confused about what to purchase.
1. Allow users to VPN in via SSL and telnet to the unix system.
2. Allow users to use RDP sessions once connected to the windows system.
3. Allow users to let their outlook connect to exchange server once connected.
I need a solution that would download the client (just point the browser to https://x.x.x.x) and let the client get pushed out. I also need another VPN profile that uninstalls any downloaded client when disconnected. The second profile is for travelling people who use public PCs.
Also, do I need an AnyConnect Mobile license if I wanted to use an iPhone or iPad to access the SSL VPN URL?
Any reply would be greatly appreciated.
Thanks,
Sam
11-11-2010 06:12 AM
Hi,
The AnyConnect Essential license will allow for AnyConnect connections but not for SSL clientless connections.
The AnyConnect Premium includes support for clientless as well as advanced features such as Cisco Secure Desktop.
Please check the following license information:
Hope it helps.
Federico.
11-11-2010 06:42 AM
I am still confused.
Here is description of AnyConnect Premium from the URL you provided.
Includes clientless SSL VPN, Cisco AnyConnect Secure Mobility, and Cisco Secure Desktop capabilities (including Host Scan). Optionally provides full tunneling access to enterprise applications.
What does it mean by clientless SSL VPN? I thought Anyconnect Essential is also SSL vpn. So what's the fundamental difference for the term "Clientless". Does it mean for AnyConnect Essentials if I point a browser to the URL, it will not download the .pkg file and give me tunnel? Does that mean with AnyConnect Essential I have to load the client on the PC and AnyConnect Premium does it automatically?
I am not looking for a web-based client VPN that gives me a portal where I could launch some internal URLs. I don't have any HTTP-based applications at all. It's all Telnet, RDP.
Thanks,
Sam
11-11-2010 06:48 AM
Clientless SSL means that you establish an SSL tunnel to the ASA without a client (AnyConnect).
In other words, the remote computer needs only a browser to establish the secure connection via HTTPS and have access to a web portal that can redirect access to the internal resources. This type of connection (clientless) allows for access to web applications and via port-forwarding you can enable access to other TCP applications.
When you need full network access (emulating the IPsec VPN client) you require the Client-based SSL connection (AnyConnect).
This does not require a web portal; instead it provides complete full network access.
If you use AnyConnect, the client can be pushed from the ASA to the client via the HTTPS connection (and kept on the remote system or removed) depending on the configuration.
If you're looking for a remote SSL connection that can access a portal and log via telnet/RDP you can use clientless SSL with port forwarding.
If you want the remote clients to have full network access (just like if they are sitting in the local network), you will require the AnyConnect.
Federico.
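The "kept on the remote system or removed" choice described in the reply above, sketched as an added ASA 8.x configuration example that is not part of the original thread. The pool range, policy and tunnel-group names, interface name and package file name are placeholders and assumptions; the syntax is the 8.0-8.3 `svc` form.

```text
! Constructed example: every name, address and file name here is a placeholder.
ip local pool SSL-POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
!
webvpn
 enable outside
 ! AnyConnect package stored in flash; the ASA pushes it over HTTPS
 svc image disk0:/<anyconnect-package>.pkg 1
 svc enable
 ! let users pick a profile (group alias) on the login page
 tunnel-group-list enable
!
! Profile 1: managed PCs, client stays installed after disconnect
group-policy GP-STAFF internal
group-policy GP-STAFF attributes
 vpn-tunnel-protocol svc
 address-pools value SSL-POOL
 webvpn
  svc keep-installer installed
  svc ask none default svc
!
! Profile 2: public PCs, client is removed when the session ends
group-policy GP-PUBLIC internal
group-policy GP-PUBLIC attributes
 vpn-tunnel-protocol svc
 address-pools value SSL-POOL
 webvpn
  svc keep-installer none
  svc ask none default svc
!
tunnel-group STAFF type remote-access
tunnel-group STAFF general-attributes
 default-group-policy GP-STAFF
tunnel-group STAFF webvpn-attributes
 group-alias staff enable
!
tunnel-group PUBLIC type remote-access
tunnel-group PUBLIC general-attributes
 default-group-policy GP-PUBLIC
tunnel-group PUBLIC webvpn-attributes
 group-alias public enable
```

Both policies allow only the client-based tunnel (`vpn-tunnel-protocol svc`), so neither one consumes the clientless portal feature discussed in the thread.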
11-11-2010 07:36 AM
Thank you. Your answer really clarified my confusion.
I will try out clientless SSL with port-forwarding and see if that solves my need. If not, go with Anyconnect Essential. I didn't know that AnyConnect Essential could also push the client binaries to the PC. I was under the impression that it was an advanced feature.
Thanks,
Sam
11-11-2010 08:29 AM
One last unrelated question. On CCO there are various types of clients.
1. IPSEC VPN client - version <= Seems current
2. AnyConnect VPN client - V2.x <= Seems current
3. SSL VPN client V1.x <= This seems antique. Last updated in 2008.
So if I want to implement clientless SSL vpn, do I need that antique piece of software on the flash of the ASA?
11-11-2010 08:59 AM
Hi,
The clients that you mentioned are only for client-based VPN connections.
Client-based VPN connections are two types:
1. IPsec client --> requires the IPsec client
2. SSL-based client ---> requires the AnyConnect
SVC used to be the old version of AnyConnect (not used anymore).
It was supported only in version 7 of the ASA not 8.
In summary.
For SSL connections:
Client-based --> Need AnyConnect in Flash
Client-less --> No need for any client (browser is in charge of managing the HTTPS connection).
Federico.
11-11-2010 01:38 PM
Perfect. This clarifies all the questions.
Thank you so much.