Cisco AnyConnect VPN Linux alternatives?

Posted on 2011-03-09
Last Modified: 2012-05-11
Hello Experts,

I was told by an IT guy that "we now use the new 'Cisco AnyConnect' and therefore you have to install that on your computer if you want your VPN to work." However, I have previously used Linux vpnc (I have version 0.5.3r449-5.1) to make a Cisco VPN connection with no problems, but that, I think, was for the older Cisco client.

I really don't want an outside source poking around on my development computer (I do all my own IT on my LAN) so my questions are:

1) Does the AnyConnect really work so differently that I won't be able to connect without it?

2) And if not, what settings do I need in a VPN client to work like this new client?

To mimic the old client I used the following settings in vpnc:

  Encryption: Secure (other options were weak and none)

  NAT Traversal: NAT-T (other options were: Cisco UDP & disabled)

  Disable Dead Peer Detection: disabled

  IPv4 Method: Automatic (VPN), (other options: Automatic (VPN) address only)

Thanks heaps!
Question by: RegProctor

Accepted Solution

VespaMaru earned 1600 total points
ID: 35087508
I set up and use Cisco AnyConnect VPN client on my Linux PC from home. It is an SSL VPN, unlike VPNC, which is an IPsec VPN. The client just needs the VPN's IP address or host name and then you enter your credentials. The group name is listed for you and you don't have to have a shared secret / certificate like VPNC.

Most Cisco ASAs are set up with a Web Address that will automatically determine your OS and install the correct version of AnyConnect. I have tested it on 32-bit and 64-bit Windows, 32-bit and 64-bit Linux (Ubuntu and Fedora) and iPhones and iPads without an issue.

Assisted Solution

MikeKane earned 400 total points
ID: 35088724
The old VPN client and AnyConnect have quite a few differences. The main one is that the original client was IPsec; AnyConnect is SSL.

AnyConnect will tunnel over 443, thus eliminating the need to worry about NAT-T or open ports, especially when you are on a network you don't control.

The AnyConnect client for Linux has 32- and 64-bit support and will autoload (if your admins set it up correctly).

When installed and connected, you can see a list of tunneled subnets so you know what traffic is being sent via VPN. You can still control what comes into your machine using iptables.

Hope that helps.

Author Comment

ID: 35089076
Can I change the port in the client and have it still work? I already use 443 for SSL for my web server.

Also, I heard somewhere that it does a "tunnel all". Would that mean that I couldn't do some connections to my server on my LAN and then some to the VPN tunnel? I used to do this with the old client and it worked really well for my needs.


Author Comment

ID: 35089535
Having let them install it on my Windows computer I can see that all should be fine regarding my questions above.

Question has a verified solution.