Solved

Cisco AnyConnect VPN Linux alternatives?

Posted on 2011-03-09
Last Modified: 2012-05-11
Hello Experts,

I was told by an IT guy that "we now use the new "Cisco AnyConnect" and therefore you have to install that on your computer if you want your VPN to work." However, I have previously used Linux vpnc (I have version 0.5.3r449-5.1) to make a Cisco VPN connection with no problems, but that, I think, was for the older Cisco client.

I really don't want an outside source poking around on my development computer (I do all my own IT on my LAN) so my questions are:

1) Does the AnyConnect really work so differently that I won't be able to connect without it?

2) And if not, what settings do I need in a VPN client to work like this new client?

To mimic the old client I used the following settings in vpnc:

  Encryption: Secure (other options were weak and none)

  NAT Traversal: NAT-T (other options were: Cisco UDP & disabled)

  Disable Dead Peer Detection: disabled

  IPv4 Method: Automatic (VPN), (other options: Automatic (VPN) address only)

Thanks heaps!
0
Question by:RegProctor
4 Comments
 
LVL 3

Accepted Solution

by:
VespaMaru earned 400 total points
ID: 35087508
I set up and use Cisco AnyConnect VPN client on my Linux PC from home. It is an SSL VPN, unlike VPNC which is an IPsec VPN. The client just needs the VPN's IP address or host name and then you enter your credentials. The group name is listed for you and you don't have to have a shared secret / certificate like VPNC.

Most Cisco ASAs are set up with a Web Address that will automatically determine your OS and install the correct version of AnyConnect. I have tested it on 32-bit and 64-bit Windows, 32-bit and 64-bit Linux (Ubuntu and Fedora) and iPhones and iPads without an issue.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 100 total points
ID: 35088724
The old VPN client and AnyConnect have quite a few differences, the main one being that the original client was IPsec. AnyConnect is SSL.

AnyConnect will tunnel over 443, thus eliminating the need to worry about NAT-T or open ports, especially when you are on a network you don't control.

The AnyConnect client for Linux has 32- and 64-bit support and will autoload (if your admins set it up correctly).

When installed and connected, you can see a list of tunneled subnets so you know what traffic is being sent via VPN. You can still control what comes into your machine using iptables.

Hope that helps.
0
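The two checks mentioned in the answer above (seeing which subnets are tunneled, and filtering what the VPN side can reach with iptables), as an added example that is not part of the original thread. The interface name `cscotun0`, the chain name `VPN-IN` and the sample route table are assumptions; confirm the interface name with `ip link` once connected.

```shell
#!/bin/sh
# Added example. Assumptions: tunnel interface cscotun0 (verify with `ip link`),
# chain name VPN-IN, and the constructed route table below.
VPN_IF="${VPN_IF:-cscotun0}"

# Constructed sample of `ip -4 route show` output on a split-tunnel connection.
sample_routes() {
    cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev cscotun0 scope link
172.16.5.0/24 dev cscotun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}

# tunneled_subnets IFACE: read a route table on stdin, print prefixes sent via IFACE.
tunneled_subnets() {
    awk -v ifc="$1" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev == ifc { print $1 }'
}

# tunnel_mode IFACE: "tunnel-all" if a default route (or the 0.0.0.0/1 and
# 128.0.0.0/1 pair that overrides it) goes via IFACE, otherwise "split".
tunnel_mode() {
    tunneled_subnets "$1" |
        awk '$1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { all = 1 }
             END { print (all ? "tunnel-all" : "split") }'
}

# inbound_rules IFACE: print (not apply) iptables commands that let replies to
# connections this host opened come back over the tunnel, and log and drop
# anything the VPN side tries to initiate toward this host.
inbound_rules() {
    cat <<EOF
iptables -N VPN-IN
iptables -I INPUT 1 -i $1 -j VPN-IN
iptables -A VPN-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VPN-IN -m limit --limit 5/min -j LOG --log-prefix "vpn-in-drop: "
iptables -A VPN-IN -j DROP
EOF
}

# Demo on the constructed sample; on a live host pipe `ip -4 route show` instead.
echo "mode: $(sample_routes | tunnel_mode "$VPN_IF")"
sample_routes | tunneled_subnets "$VPN_IF"
inbound_rules "$VPN_IF"
```

The rules are only printed so they can be reviewed first; applying them requires root, for example by piping the output of `inbound_rules` to `sh`.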
 
LVL 1

Author Comment

by:RegProctor
ID: 35089076
Can I change the port in the client and have it still work? I already use 443 for SSL for my web server.

Also I heard somewhere that it does a "tunnel all". Would that mean that I couldn't do some connections to my server on my LAN and then some to VPN tunnel? I used to do this with the old client and it worked really well for my needs.

0
 
LVL 1

Author Comment

by:RegProctor
ID: 35089535
Having let them install it on my Windows computer I can see that all should be fine regarding my questions above.
0
