04-02-2016 02:37 PM - edited 02-21-2020 08:45 PM
Hello,
Can anyone tell me what is the difference between the Anyconnect SSL VPN and Anyconnect IPSec VPN.
When we use the one and not the other?
Thank you so much.
Best regards.
Solved! Go to Solution.
04-02-2016 07:55 PM
Hello Abdollah,
Anyconnect based on SSL protocol is called Anyconnect SSL VPN and if you deploy Anyconnect with IPSec protocol ,it is called IKev2.
Anyconnect (using IKEv2 or SSLVPN) doesn't use a pre-shared-key to authenticate the user. A certificate will be used to authenticate the ASA and either/both user+pass and certificate is used to authenticate the user. The XML profile is needed just to make the Anyconnect client use IKEv2 rather than the default of SSL when connecting to the ASA.
Here is the doc listing some of the benefits of using Anyconnect with Ikev2 as opposed to SSL VPN.
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-cfg-ikev2-flex.html#GUID-6548042E-1E4C-416A-8347-00DCF96F04DF
In essence, if you have got a fairly simple deployment , then you can go with SSL VPN setup and if you want to leverage additional features, you can use Anyconnect with IPSec.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
04-02-2016 07:55 PM
Hello Abdollah,
Anyconnect based on SSL protocol is called Anyconnect SSL VPN and if you deploy Anyconnect with IPSec protocol ,it is called IKev2.
Anyconnect (using IKEv2 or SSLVPN) doesn't use a pre-shared-key to authenticate the user. A certificate will be used to authenticate the ASA and either/both user+pass and certificate is used to authenticate the user. The XML profile is needed just to make the Anyconnect client use IKEv2 rather than the default of SSL when connecting to the ASA.
Here is the doc listing some of the benefits of using Anyconnect with Ikev2 as opposed to SSL VPN.
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-cfg-ikev2-flex.html#GUID-6548042E-1E4C-416A-8347-00DCF96F04DF
In essence, if you have got a fairly simple deployment , then you can go with SSL VPN setup and if you want to leverage additional features, you can use Anyconnect with IPSec.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
04-03-2016 03:33 AM
Hello Dinesh,
Thank you for your reply, that was helpful :)
So for complex architectures, IKEv2 is recommended than SSL?
Best regards.
04-03-2016 04:24 PM
That is right, you can leverage the benefits of Ikev2 for complex deployments but it is more or less dependent directly on your needs rather complexity,
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
08-23-2022 07:36 AM
Can you maybe detail the complexities/flexibility/features that IKEv2 gives you over SSL?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide