12-01-2015 12:21 AM - edited 02-21-2020 08:34 PM
Dear community
We are in the process of migrating from the old Cisco VPN Client 5 to Cisco AnyConnect.
I have a couple of ASA-5510 running 9.1(1) code with a Base license, and in current setup all remote users log into the VPN using standard IKE/IPSec methods from their laptops (no split tunneling, nothing fancy). The VPN Client currenly has a profile which is imported into each user's laptop and has a pre-shared key stored, the solution works fine.
Management decided to go for the Plus version of AnyConnect, rather than Apex which I believe satisfies all our requirements (overview here: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/feature/guide/anyconnect40features.html).
I have three questions about migrating from VPN Client to AnyConnect:
1) currently my ASA shows that AnyConnect is disabled (see attached screenshot of show version). Do I need to upgrade the license on my ASA? If so does that come with AnyConnect or do I need to order it separately?
2) is it possible to use the VPN profile from VPN Client with AnyConnect or do I need to create a new one?
3) can someone direct me to a configuration guide for remote access VPN using the AnyConnect client rather than the old VPN Client? Are there any caveats / gotchas I should be aware of?
Thanks a lot!
Best regards,
Martin
Solved! Go to Solution.
12-01-2015 12:39 AM
1. Ordering the AnyConnect Plus license will get you a PAK that you can redeem in the self-serivce portal to get an activation key for your ASA. (You will need the ASA serial number as well.) That will enable AnyConnect "Essentials" (old name for Plus feature set (which now includes Mobile), more or less) and allow you to run the "anyconnect-essentials" command.
2. The old style IPsec profiles do not convey to new SSL VPN ones.
3. There are many many of these out there. If you're new to it, you may find Pete Long's how-to blog posting useful:
http://www.petenetlive.com/KB/Article/0000069.htm
12-01-2015 12:39 AM
1. Ordering the AnyConnect Plus license will get you a PAK that you can redeem in the self-serivce portal to get an activation key for your ASA. (You will need the ASA serial number as well.) That will enable AnyConnect "Essentials" (old name for Plus feature set (which now includes Mobile), more or less) and allow you to run the "anyconnect-essentials" command.
2. The old style IPsec profiles do not convey to new SSL VPN ones.
3. There are many many of these out there. If you're new to it, you may find Pete Long's how-to blog posting useful:
http://www.petenetlive.com/KB/Article/0000069.htm
12-08-2015 10:31 PM
Thanks Marvin
That's very helpful.
Best regards,
Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide