cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6550
Views
16
Helpful
4
Replies

Do Cisco ASA's support VPN clients other than Anyconnect?

Craddockc
Level 3
Level 3

Hello Community,

 

I was wondering. When using an ASA as a headend for a VPN (say a 5510) can the end user use a VPN Client other than Anyconnect? If so, what client supplicants are compatible? 

 

Thanks.

1 Accepted Solution

Accepted Solutions

agairola
Level 1
Level 1

My2Cents,

 

Not sure if this applies in your scenario as you are running legacy ASA 5510 which cannot running software version beyond 9.1.x. But if you are running ASA with software code >= 9.3.2 then ASA supports third-party clients for IKEv2 protocol:

 

-----

KEv2 support was added to the ASA in release 8.4. For IKEv2 remote access, the ASA only supported Cisco AnyConnect 3.0+ clients and no other third-party IKEv2 clients. From ASA release 9.3.2 and onward, we added interoperability with standards-based, third-party, IKEv2 remote access clients (in addition to AnyConnect). Authentication support includes preshared keys, certificates, and user authentication via the Extensible Authentication Protocol (EAP).

 

Source: https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#pgfId-147071

-----

 

./Adesh

 

 

 

View solution in original post

4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

L2TP over IPSec (what is built into Windows).  It is horrible compared to AnyConnect.

https://www.cisco.com/c/en/us/support/docs/ip/layer-two-tunnel-protocol-l2tp/200340-Configure-L2TP-Over-IPsec-Between-Window.html

And in addition to the mentioned L2TP over IPsec, the ASAs still support the legacy EasyVPN with OS-build-in clients or third-party Clients like Shrew.

agairola
Level 1
Level 1

My2Cents,

 

Not sure if this applies in your scenario as you are running legacy ASA 5510 which cannot running software version beyond 9.1.x. But if you are running ASA with software code >= 9.3.2 then ASA supports third-party clients for IKEv2 protocol:

 

-----

KEv2 support was added to the ASA in release 8.4. For IKEv2 remote access, the ASA only supported Cisco AnyConnect 3.0+ clients and no other third-party IKEv2 clients. From ASA release 9.3.2 and onward, we added interoperability with standards-based, third-party, IKEv2 remote access clients (in addition to AnyConnect). Authentication support includes preshared keys, certificates, and user authentication via the Extensible Authentication Protocol (EAP).

 

Source: https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#pgfId-147071

-----

 

./Adesh

 

 

 

Craddockc
Level 3
Level 3

Thank you for the input everyone! Your answers were very helpful!