01-28-2019 06:47 PM - edited 02-21-2020 09:33 PM
Need to know the difference between remote access VPN and site-to-site VPN on Cisco ASA.
How can I check from the GUI or CLI whether this is a remote access or L2L VPN?
01-28-2019 07:08 PM
In short:
Site 2 Site (L2L) VPN connects two private networks with an IPSec tunnel.
Remote Access VPN connects a remote user to a private network with IPSec or SSL.
If you're using AnyConnect for Remote Access, you'll have usernames with attributes with a service type of "remote-access":
username frank password l4f8gs
username frank attributes
 service-type remote-access
A site to site VPN will have crypto maps pointing to a peer:
crypto map L2L-VPN 10 set peer "IP ADDRESS"
Please remember to rate responses and to mark your question as answered if appropriate.
01-31-2019 12:51 AM
Hi Mahesh,
Totally agree with what Jefrey mentioned.
Just want to add that site to site is performed between 2 routers or 2 firewalls or a mix of them (and it is a permanent tunnel), very useful when you want to connect 2 or more of your company branches together.
For your employees' laptops, you want to use Remote Access VPN, so they can connect to the company's internal resources when doing home office ... (you can do clientless RA VPN or AnyConnect RA client).
Better to use the AnyConnect client as it offers more features.
Hope this helped :)
03-01-2019 06:40 PM
Many thanks for answering the question.
02-01-2019 10:02 AM
Hello,
The CLI command would depend on what platform (type of device, whether a router or ASA) you are using. One of the commands I use on the ASA to find out whether there's a STS VPN (L2L) or RA VPN (Remote Access) is to issue this command "show ipsec sa" and look under the crypto map for the "inbound esp sas\in use settings". If the output shows:
in use settings ={RA, Tunnel, NAT-T-Encaps, IKEv1, } ---> This indicates that the type of VPN is RA (Remote Access).
in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, } ---> This indicates that the type of VPN is STS (L2L: LAN To LAN, which means Site To Site VPN).
Here are some sources: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_site2site.html#28546
HTH.
Best, ~zK
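The "in use settings" check described in the reply above can be scripted when auditing many tunnels. This is an added example, not part of the original thread or Cisco's tooling; the sample output is constructed and abbreviated, and the peer addresses and the DYN-MAP crypto map name are assumptions.

```python
import re
from collections import defaultdict

# Constructed, abbreviated sample in the shape of ASA "show ipsec sa" output.
SAMPLE = """\
interface: outside
    Crypto map tag: L2L-VPN, seq num: 10, local addr: 192.0.2.1
      current_peer: 198.51.100.2
    inbound esp sas:
      spi: 0x1A2B3C4D (439041101)
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, }
    outbound esp sas:
      spi: 0x5E6F7A8B (1584364171)
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv2, }
    Crypto map tag: DYN-MAP, seq num: 65535, local addr: 192.0.2.1
      current_peer: 203.0.113.50, username: frank
    inbound esp sas:
      spi: 0x0BADF00D (195948557)
         in use settings ={RA, Tunnel, NAT-T-Encaps, IKEv1, }
"""

PEER_RE = re.compile(r"current_peer:\s*([^\s,]+)")
# Tolerates a missing closing brace, as pasted output often loses it.
SETTINGS_RE = re.compile(r"in use settings\s*=\s*\{([^}\n]*)")

def classify_tunnels(text):
    """Map each current_peer to the sorted VPN types seen in its SAs."""
    result = defaultdict(set)
    peer = None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1)  # SAs that follow belong to this peer
            continue
        m = SETTINGS_RE.search(line)
        if m and peer is not None:
            flags = [f.strip() for f in m.group(1).split(",") if f.strip()]
            if "RA" in flags:
                result[peer].add("remote-access")
            elif "L2L" in flags:
                result[peer].add("site-to-site")
            else:
                result[peer].add("unknown")
    return {p: sorted(t) for p, t in result.items()}

if __name__ == "__main__":
    for peer, kinds in classify_tunnels(SAMPLE).items():
        print(peer, ", ".join(kinds))
```
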