• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1377
  • Last Modified:

Cisco AnyConnect VPN Linux alternatives?

Hello Experts,

I was told by an IT guy that "we now use the new "Cisco AnyConnect" and therefore you have to install that on your computer if you want your VPN to work." However, I have previously used Linux vpnc (I have version 0.5.3r449-5.1) to make a Cisco VPN connection with no problems but that I think was for the older Cisco client.

I really don't want an outside source poking around on my development computer (I do all my own IT on my LAN) so my questions are:

1) Does the AnyConnect really work so differently that I won't be able to connect without it?

2) And if not, what settings do I need in a VPN client to work like this new client?

To mimic the old client I used the following settings in vpnc:

  Encryption: Secure (other options were weak and none)

  NAT Traversal: NAT-T (other options were: Cisco UDP & disabled)

  Disable Dead Peer Detection: disabled

  IPv4 Method: Automatic (VPN), (other options: Automatic (VPN) address only)

Thanks heaps!
  • 2
2 Solutions
I set up and use Cisco AnyConnect VPN client on my Linux PC from home.  It is an SSL VPN, unlike VPNC which is an IPSec VPN.  The client just needs the VPN's IP address or host name and then you enter your credentials.  The group name is listed for you and you don't have to have a shared secret / certificate like VPNC.

Most Cisco ASA's are set up with a Web Address that will automatically determine your OS and install the correct version of AnyConnect.  I have tested it on 32bit and 64 bit Windows, 32 bit and 64 bit Linux (Ubuntu and Fedora) and iPhone's and iPads without an issue.  
The old vpn client and anyconnect have quite a few differences.   The main one being that the original client was IPSEC.  Anyconnect is SSL.    

Anyconnect will tunnel over 443 thus eliminating the need to worry about NAT-T or open ports, especially when you are on a network you don't control.  

The Anyconnect client for Linux has 32 and 64 bit support and will autoload (if your admins set it up correctly).    

When installed and connected, you can see a list of tunneled subnets so you know what traffic is being sent via VPN.   You can still control what comes into your machine using iptables.  

Hope that helps.
RegProctorAuthor Commented:
Can I change the port in the client and have it still work? I already use 443 for SSL for my web server.

Also I heard somewhere that it does a "tunnel all". Would that mean that I couldn't do some connections to my server on my LAN and then some to VPN tunnel? I used to this with the old client and it worked really well for my needs.

RegProctorAuthor Commented:
Having let them install it on my Windows computer I can see that all should be fine regarding my questions above.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now