Cisco ASA5505 - Configure IPSec Connection

Hi Experts,

I have a new cisco ASA5505 up and running. Users can connect via the AnyConnect software or WebVPN.

I would like to configure the IPSec VPN so more than 2 users (currently max amount of SSL Licenses we have) can connect. From my understanding users not using the AnyConnect software can use the VPN Client software.

What are the commands to setup the IPSec?
Where can I download the VPN Client Software?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John MeggersNetwork ArchitectCommented:
VPN client is available on CCO.  The IPSec configuration has several components but isn't terribly difficult.  There's a page on CCO with example configurations at

Is it a requirement that you support clientless VPN?  If not, I would strongly recommend looking at AnyConnect Essentials.  It's full tunnel using the AnyConnect client as you are today.  Much easier client deployment and update than with IPSec. Basically the first time the user connects they connect through a browser and the ASA downloads and installs the client.  Subsequent connections are directly from the client.  The client always checks to see if there's a new client on the ASA.  It's not completely free, as IPSec is, but the IPSec client has almost no development going on now, and the cost is extremely low compared to full SSL licenses.  Like a few hundred dollars compared to thousands for full SSL licenses.

There are a couple of downsides.  One is Essentials is not compatible with full SSL licenses.  Once you're using Essentials, you cannot support clientless VPN, nor some of the advanced features such as Secure Desktop and advanced client assessments.  But as a replacement for IPSec, it's a good product.  We use it at my company and I find the SSL connections are much more forgiving to fluctuations in network connectivity than IPSec is.  There's a little information on the AnyConnect data sheet at

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.