SSL VPN

I am looking into installing the SSL VPN on the ASA 5510 and was looking for your thoughts on how you like it and how secure it is. Hardware requirements for the ASA? Any other info you can provide?
HubmanAsked:

mahrens007Commented:
I like the SSL webVPN. Depending on how complex your network is, you can create multiple portal pages for different users. Once logged in, the user will be prompted to install the client the first time.

The AnyConnect can run on Windows, Mac and Linux. Here are the hardware requirements: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/release/notes/anyconnect22rn.html


0
lrmooreCommented:
Several flavors of SSL VPN
Clientless SSL VPN - where end user never has to download any client. End user can be presented with a portal page with bookmark hyperlinks to access internal services. Great for end users that simply need access to a couple of resources like RDP to their PC, or http:// to a web server (or Citrix web front end), or to grab a shared file.

AnyConnect VPN Client - this is the new paradigm for VPN clients. You can use the clientless portal page to distribute the client. Once the client is installed on the remote user's PC, they only use it next time. This client provides full network access (or restricted access, whatever is appropriate).
Now, the licensing is also tricky.
You have AnyConnect Essentials - this is a per-appliance license and enables the clientless SSL VPN and basic AnyConnect VPN client connections. About $150 per appliance.
Then you have AnyConnect Premium license. About $150 per USER. This license allows you to take advantage of Secure Remote Desktop and have a tremendous amount of control over the remote end device. Things like keylog checker, cache flush, Antivirus OK?, Firewall on?
Then you have AnyConnect Mobile which is also per-appliance for about $150 which enables mobile clients like iPhone, Windows phones to use the AnyConnect client.
Bottom line -
SSL/AnyConnect gives you total control over the end device, but costs some $
IPSEC VPN gives you only end-user authentication, but at $0 additional cost
SSL/Clientless web portal gives you an easy way to provide limited access to end users.
SSL/AnyConnect is best for road warriors because it is more "friendly" to remote location firewalls. IPSEC client sometimes gets blocked/limited at remote locations (i.e. some hotels).
0

MikeKaneCommented:
A few other items I'll toss in here.  

AnyConnect VPN works much better than IPSEC for others behind NAT devices or other firewalls. Since the AnyConnect works over port 443, most companies and home routers will already have this configured so there are no extra steps. Even hotels with wifi will allow this outbound. This is much different than IPSEC where you had to worry about NAT-T, extra UDP/TCP ports, and whatever else. Even though it does cost more, it takes care of a lot of the headaches associated with the original IPSEC client.


0
HubmanAuthor Commented:
AnyConnect VPN is a one-time cost of $150? Can this be configured to allow groups different access to different network resources?
0
lrmooreCommented:
AnyConnect "Essentials", yes. One time license cost of $150 (List, for 5510 appliance)
ASA-AC-E-5510=  AnyConnect Essentials VPN License - ASA 5510 (250 Users)  B  USD 150.00  

Yes, you can set up multiple groups with different levels of access just like with the IPSEC client.
0
HubmanAuthor Commented:
Does Cisco have an online demo?
0