• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 658
  • Last Modified:

Cisco ASA5505 - Configure IPSec Connection

Hi Experts,

I have a new cisco ASA5505 up and running. Users can connect via the AnyConnect software or WebVPN.

I would like to configure the IPSec VPN so more than 2 users (currently max amount of SSL Licenses we have) can connect. From my understanding users not using the AnyConnect software can use the VPN Client software.

What are the commands to setup the IPSec?
Where can I download the VPN Client Software?

Thanks!
0
RLComputing
Asked:
RLComputing
1 Solution
 
John MeggersNetwork ArchitectCommented:
VPN client is available on CCO.  The IPSec configuration has several components but isn't terribly difficult.  There's a page on CCO with example configurations at http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html.

Is it a requirement that you support clientless VPN?  If not, I would strongly recommend looking at AnyConnect Essentials.  It's full tunnel using the AnyConnect client as you are today.  Much easier client deployment and update than with IPSec. Basically the first time the user connects they connect through a browser and the ASA downloads and installs the client.  Subsequent connections are directly from the client.  The client always checks to see if there's a new client on the ASA.  It's not completely free, as IPSec is, but the IPSec client has almost no development going on now, and the cost is extremely low compared to full SSL licenses.  Like a few hundred dollars compared to thousands for full SSL licenses.

There are a couple of downsides.  One is Essentials is not compatible with full SSL licenses.  Once you're using Essentials, you cannot support clientless VPN, nor some of the advanced features such as Secure Desktop and advanced client assessments.  But as a replacement for IPSec, it's a good product.  We use it at my company and I find the SSL connections are much more forgiving to fluctuations in network connectivity than IPSec is.  There's a little information on the AnyConnect data sheet at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494.html.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now