Client VPN on 2921

aleksa
Level 1

Hi all,

I must say I'm confused. I come from the time of successfully connecting clients to IOS routers using the Cisco VPN client; it worked great.

Now I'm a bit lost.

I need to configure client VPN for a dozen remote users to a 2921.

RTR#sh inventory
NAME: "CISCO2921/K9", DESCR: "CISCO2921/K9 chassis, Hw Serial#: XXXXXXX, Hw Revision: 1.0"
PID: CISCO2921/K9 , VID: V08 , SN: XXXXXXXX

NAME: "C2921/C2951 AC Power Supply", DESCR: "C2921/C2951 AC Power Supply"
PID: PWR-2921-51-AC , VID: V03 , SN: XXXXXXXXXX


What are my options?

1. AnyConnect - I understand this is VPN client software, installed on a PC. Licensing limitations?

2. SSL VPN - a browser based clientless VPN?

I understand there may be license limitations? Do they apply to SSL VPN only or to AnyConnect as well?

Thanks!

Accepted Solutions

The Anyconnect client itself needs to be purchased for the number of users in your environment. You have an option of Anyconnect Plus or Apex license, a comparison of which is given here:

http://www.petenetlive.com/KB/Article/0001013

This license is not applied to the IOS router.

The headend IOS router does not require another license for Anyconnect clients to connect to it if you have:

1) version 15.3(3)M or later

2) securityk9 license

Hope this helps.

5 Replies

Rahul Govindan
VIP Alumni

For IOS routers, Anyconnect is the way to go. You can do both SSL and IPsec (IKEv2) using the Anyconnect client. To answer your questions:

1) Licensing comes along with security k9 license in the newer releases. The different license behaviors for different IOS versions are documented here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html#anc4

Anyconnect has to be installed on the client and the above link should be a good start.

2) Clientless is really limited on the IOS routers, would not recommend using this on IOS routers.

Hi Rahul,

thanks for the link, it's definitely a good document to read before and during deployment.

Since I'm not too comfortable with this, can you clarify:

is it true that, any way you look at it, the customer will have to buy licenses to be able to use the AnyConnect VPN client?

The way I understood it, the configuration of the client VPN is facilitated by evaluation, to be followed by purchasing the license, so you can put the system into production and then follow up with the purchase at a later date?

Thanks!

There is one more option to consider: the router also supports the legacy EzVPN without additional licensing costs. You can't use AnyConnect for this; EzVPN runs with many OS built-in clients and external clients like the one from Shrew. But lower cost is the only benefit; everything else is better with AnyConnect.

aleksa
Level 1

Thanks,

could you recommend a configuration example for IPsec IKE configuration on an IOS router for the Anyconnect client?

All I find is about using SSL WebVPN...

Cheers,

Alex