02-22-2011 11:58 AM - edited 02-21-2020 05:11 PM
I have experience using the Cisco VPN client and configuring the ASA appliances with Crypto Maps and such to help establish what I would consider "normal VPN" tunnels.
I (my company is a Cisco Channel Partner) am meeting with a prospective client tomorrow to discuss FW solutions and VPN.
I am trying to digest today what the other VPN Options are.
ASDM shows 3 boxes under Configuration>Remote Access VPN. The 3 options are (in this order):
Clientless SSL VPN Remote Access (using Web Browser) THIS I UNDERSTAND
SSL VPN Remote Access (using Cisco AnyConnect Client) THIS I DO NOT UNDERSTAND
IPsec VPN Remote Access (using Cisco VPN Client) THIS I UNDERSTAND
Prior to seeing these choices on the ASA, I was under the impression that "SSL VPN remote access" was using a Web Browser. What is the AnyConnect Client, and what is a practical example of when I would choose this option vs. the other VPN options?
Thanks
Kevin
I am attaching a picture of what I am referencing above to eliminate any confusion...
02-22-2011 12:21 PM
Hi Kevin,
When you use SSL VPN using a browser it is called clientless and it does not give you full internal access.
The browser acts as a portal to provide access to internal resources.
To be able to provide full tunneling capabilities, you can connect using SSL AnyConnect so that a client software is injected in the client machine to be able to have full access (as using the IPsec client).
The advantage is that the client could be injected via the original web browser connection (no need to pre-install it on the client machine) and you get the IPsec client feel as if you're locally connected to the network.
Hope it helps.
Federico.
02-22-2011 01:01 PM
Federico
Thanks for the prompt response. I did want to take the dialogue one step further.
Referencing your statement
"you can connect using SSL AnyConnect so that a client software is injected in the client machine"
What do you mean here by "injected into the client machine"? Injected by the ASA? I am still not clear on what you are trying to explain. thx
Also, where does one get an SSL AnyConnect client from? Is it free like the VPN client based on SmartNet, or does it cost, i.e., do you have to purchase licenses for it?
Thanks again
Kevin
02-22-2011 01:08 PM
Kevin,
The AnyConnect can be pre-installed on the client or can be pushed from the ASA to the client (on the web SSL connection).
The ASA can be configured to inject the client and to uninstall it after connection for example (or keep it in the system).
For the IPsec client you can just download it if having SmartNet or similar.. for the SSL AnyConnect, the ASA comes with a pre-installed 2-license (for testing purposes). This means that you can test up to two AnyConnect clients simultaneously to the ASA without any extra license.
You can purchase licenses solely for AnyConnect or for other features like allowing clientless connections and Secure Desktop functionality.
Take a look here:
Hope it helps.
Federico.
02-22-2011 01:24 PM
Federico
Once again, where would I obtain the AnyConnect client? It shows on my ASA that there are two licenses for it. I am just not sure where to get the client so I can test...
thx
02-22-2011 01:27 PM
Check if it's already installed... show flash on the ASA.
Otherwise you can download the software from the Cisco download page.
Federico.
02-24-2011 01:25 PM
Federico
I downloaded it the other night, but I see no evidence that it installed. When I click on the executable, a DOS screen pops open for a second or two, then goes away. Programs does not show it as being installed. Is this AnyConnect not a GUI?
thx
02-24-2011 01:51 PM
Kevin,
You need to check which file you download.
For example something like this:
.pkg is the installation file for the ASA (flash memory) so that it can be pushed to clients on SSL connections
.msi is the executable file for the client's OS
Federico.