Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
633
Views
0
Helpful
4
Replies

What does deploying AnyConnect look like?

Go to solution
AxelAxel
Level 1
Level 1

‎11-28-2022 06:47 AM - edited ‎11-28-2022 06:52 AM

Right now, we are using Azure p2s VPN within the virtual network. I am running into so many issues because of it so I wanted to look into using AnyConnect, which I used at our last job. It seems a lot more solid than this Azure P2S stuff, plus I can configure who has access to what. 

My question is, what does it look like to deploy this? We don't have an "on-prem" data center, we are purely in Azure with all remote laptops.  I have looked at pricing on CDW's site, and it looks surprisingly reasonable. My question is, what does the server look like? Is it a physical appliance? Can it run as a VM? Can it be hosted in Azure? Is it just an install on Windows? Do you have to purchase other licenses to run an AnyConnect "server" or do you only need the one license? We do not have anything cisco currently if that makes a difference. I am just wanted to deploy Cisco AnyConnect and nothing else right now.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-28-2022 11:56 AM

Hi @AxelAxel,

If you would like to run AnyConnect inside Azure, then yes, it is possible. You would need to deploy ASA or FTD in Azure (like VM appliance from Azure Marketplace), and once you successfully deploy it, it is more-less like standard ASA/FTD deployment with AnyConnect - you would need to deploy certificate, AAA servers, policies, etc. I know about BYOL concept, and not sure if there is any other. However, please bare in mind that in Azure different concepts apply given that there is no L2 concept, so standard HA is not working there, but HA is achieved via LB.

Kind regards,

Milos

View solution in original post

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-28-2022 10:39 PM

Yes, given it is a SW product, you'll need to license it as well (ASAv license per throughput plus AnyConnect license per user). If you don't have any experience with this, I would recommend to contract someone to guide you through most optimal setup for you and to do necessary configuration, as I tend to find this a complicated task to be executed with zero experience.

Kind regards,

Milos

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-28-2022 11:56 AM

Hi @AxelAxel,

If you would like to run AnyConnect inside Azure, then yes, it is possible. You would need to deploy ASA or FTD in Azure (like VM appliance from Azure Marketplace), and once you successfully deploy it, it is more-less like standard ASA/FTD deployment with AnyConnect - you would need to deploy certificate, AAA servers, policies, etc. I know about BYOL concept, and not sure if there is any other. However, please bare in mind that in Azure different concepts apply given that there is no L2 concept, so standard HA is not working there, but HA is achieved via LB.

Kind regards,

Milos

0 Helpful

Go to solution
AxelAxel
Level 1
Level 1
In response to Milos_Jovanovic

‎11-28-2022 06:07 PM

Thanks for that @Milos_Jovanovic ! My follow up question would be I assume the ASA would have to be licensed as well? We have 0 Cisco products currently and beyond a simple switch with a few VLANs, I have no experience with Cisco as an admin. 

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-28-2022 10:39 PM

Yes, given it is a SW product, you'll need to license it as well (ASAv license per throughput plus AnyConnect license per user). If you don't have any experience with this, I would recommend to contract someone to guide you through most optimal setup for you and to do necessary configuration, as I tend to find this a complicated task to be executed with zero experience.

Kind regards,

Milos

0 Helpful

Go to solution
AxelAxel
Level 1
Level 1
In response to Milos_Jovanovic

‎11-29-2022 04:37 AM

Thanks, that is exactly what I needed to know!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents