Go Premium for a chance to win a PS4. Enter to Win


Cisco AnyConnect VPN Linux alternatives?

Posted on 2011-03-09
Medium Priority
Last Modified: 2012-05-11
Hello Experts,

I was told by an IT guy that "we now use the new "Cisco AnyConnect" and therefore you have to install that on your computer if you want your VPN to work." However, I have previously used Linux vpnc (I have version 0.5.3r449-5.1) to make a Cisco VPN connection with no problems but that I think was for the older Cisco client.

I really don't want an outside source poking around on my development computer (I do all my own IT on my LAN) so my questions are:

1) Does the AnyConnect really work so differently that I won't be able to connect without it?

2) And if not, what settings do I need in a VPN client to work like this new client?

To mimic the old client I used the following settings in vpnc:

  Encryption: Secure (other options were weak and none)

  NAT Traversal: NAT-T (other options were: Cisco UDP & disabled)

  Disable Dead Peer Detection: disabled

  IPv4 Method: Automatic (VPN), (other options: Automatic (VPN) address only)

Thanks heaps!
Question by:RegProctor
  • 2

Accepted Solution

VespaMaru earned 1600 total points
ID: 35087508
I set up and use Cisco AnyConnect VPN client on my Linux PC from home.  It is an SSL VPN, unlike VPNC which is an IPSec VPN.  The client just needs the VPN's IP address or host name and then you enter your credentials.  The group name is listed for you and you don't have to have a shared secret / certificate like VPNC.

Most Cisco ASA's are set up with a Web Address that will automatically determine your OS and install the correct version of AnyConnect.  I have tested it on 32bit and 64 bit Windows, 32 bit and 64 bit Linux (Ubuntu and Fedora) and iPhone's and iPads without an issue.  
LVL 33

Assisted Solution

MikeKane earned 400 total points
ID: 35088724
The old vpn client and anyconnect have quite a few differences.   The main one being that the original client was IPSEC.  Anyconnect is SSL.    

Anyconnect will tunnel over 443 thus eliminating the need to worry about NAT-T or open ports, especially when you are on a network you don't control.  

The Anyconnect client for Linux has 32 and 64 bit support and will autoload (if your admins set it up correctly).    

When installed and connected, you can see a list of tunneled subnets so you know what traffic is being sent via VPN.   You can still control what comes into your machine using iptables.  

Hope that helps.

Author Comment

ID: 35089076
Can I change the port in the client and have it still work? I already use 443 for SSL for my web server.

Also I heard somewhere that it does a "tunnel all". Would that mean that I couldn't do some connections to my server on my LAN and then some to VPN tunnel? I used to this with the old client and it worked really well for my needs.


Author Comment

ID: 35089535
Having let them install it on my Windows computer I can see that all should be fine regarding my questions above.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question