Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3103
Views
0
Helpful
5
Replies

EASY VPN Alternative for SSL VPN

mmercaldieze
Level 1
Level 1

‎10-03-2017 06:28 AM - edited ‎03-12-2019 04:35 AM

As of right now I have a bunch of ASA 5505's at users homes connecting to the network using easyvpn. However due to certain issues with the ASA 5506 I am looking to see if there is something better to suite my needs.  I know Palo Alto and Sophos have an option to setup a firewall as a ssl vpn client, which is also a lot more secure as well as no longering using antiquited ipsec technology.  Is there a way to have an ASA or a Router or some other cisco device to act as an Anyconnect client or a SSL VPN client?

 

 

Labels:
0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎10-03-2017 08:02 AM

Hello,

 

 Sure it is. Here a detailed guide:

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

0 Helpful

mmercaldieze
Level 1
Level 1
In response to Flavio Miranda

‎01-09-2018 08:36 AM

I am sorry I think you misunderstood, I am looking for a way to do ASA to ASA or Meraki to ASA if the Meraki or ASA at one location has a dynamic wan ip

0 Helpful

GioGonza
Level 4
Level 4

‎10-03-2017 09:58 AM

Hello @mmercaldieze,

 

As per your question, the ASA cannot be SSL VPN Client only Server. The only one that can act as VPN Client is the ASA 5505 and using EzVPN. The rest of the ASAs series can only be servers for either IPSec or SSL connections. 

 

HTH

Gio

0 Helpful

mmercaldieze
Level 1
Level 1
In response to GioGonza

‎01-09-2018 08:35 AM

The problem is the ASA 5505s are no longer getting security updates and the EOL notice has already gone out for them.  Also EASYVPN is based on deprecated technology that is not supported well on the next gen firewalls so it is not really any option anymore

0 Helpful

Karsten Iwen
VIP
VIP

‎10-03-2017 02:02 PM

There is no SSL-Client, but there are still some options for you. But IPsec is not outdated, most of the time it will provide better security than TLS. But this is more from a theoretical standpoint. What could you do:

  1. Use a Meraki MX at the HQ and Meraki MX or Z1/Z3 at the home-offices. This setup will probably be the easiest to implement.
  2. The router has many options for VPNs where the client doesn't need a fixed IP. There are VTI/DVTI, DMVPN or FlexVPN. On version 9.7/9.8 the VTI-option is also available on the ASA and can also connect to a router with DVTI.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents