07-10-2018 07:05 AM - edited 03-12-2019 05:27 AM
Hi Experts,
Can someone please assist with the difference between Remote Access VPN and Remote Access IPSEC VPN, with their differences or similarities?
Because both configs and functionalities look similar, and both VPNs are connected using AnyConnect and provide IP addresses for the connecting users from a local pool. Any difference in functionalities? Thanks
tunnel-group IPSEC-Remote-VPN ipsec-attributes
ikev1 pre-shared-key 123456
tunnel-group ANYCONNECT-PROFILE webvpn-attributes
ASA(config-tunnel-webvpn)# group-alias ANYCONNECT-PROFILE enable
07-10-2018 08:35 AM
Hi,
I assume you are referring to AnyConnect SSL-VPN vs AnyConnect IPSec VPN; both are used for Remote Access. The difference is the protocol used for encrypting the traffic. SSL-VPN uses SSL/TLS and uses TCP/UDP port 443, whereas IPSec Remote Access VPN uses IKEv2/IPSec on UDP ports 500/4500 and ESP.
I'd say most people use SSL-VPN. IKEv2/IPSec VPN would be used if you require the next-generation algorithms (encryption, integrity, DH etc.).
I think the first line of configuration you provided was from an IPSec Site-to-Site VPN, not a Remote Access VPN.
HTH
07-11-2018 07:09 AM
07-11-2018 07:39 AM
Hi,
The functionality is the same; it's a different method to encrypt the traffic. You would still need to upload the AnyConnect client to the ASA for either implementation. AnyConnect uses SSL as the default/primary protocol. If you use IKEv2/IPSec, you would need to create an AnyConnect profile and deploy this to the users (can be pushed down via Windows GPO, ISE or from the ASA); download and use the AnyConnect Profile Editor to generate the configuration.
Example of IKEv2/IPSec and SSL-VPN if required
HTH
07-10-2018 08:38 AM
Remote-Access-VPN is a general term for a functionality that can be implemented in different ways.
The default on the ASA is TLS-based, which means when talking about remote-access-VPNs, it's likely that this is meant. Implementing IPsec-based remote-access-VPNs needs an additional config and changes the protection from TLS to IPsec. But it still is a remote-access-VPN.