Solved

ASA SSL VPN essentials

Posted on 2011-09-20
4
510 Views
Last Modified: 2012-05-12
i am looking for a easy to follow, how to setup SSL VPN essentials. i am buying the license. we are currently using the vpn client, can these co exist? i will remove old vpn cleint after ssl is installed and tested.
0
Comment
Question by:Hubman
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
Comment Utility
If you're talking about the IPsec VPN client, it can coexist with the AnyConnect client.  If you're talking about the AnyConnect client itself, it's the same client for premium and Essentials licenses.  If you're talking about the old SVC client, get rid of it.

If you're setting up the VPN, my advice is to use the wizard in ASDM.  Pretty easy to follow, the big stumbling block everyone seems to hit is NAT, but if you're currently using the IPSec client you should have already addressed that.  If you're converting from IPSec over to SSL, my suggestion would be to use the existing address pool, since you've probably already addressed the no-NAT issue for that address block.
0
 
LVL 1

Author Comment

by:Hubman
Comment Utility
Cisco AnyConnect Essentials is the one I want to install. currently using the IPSec.
0
 
LVL 1

Author Comment

by:Hubman
Comment Utility
How many hours should it take to configure if someone knows what they are doing?
0
 
LVL 18

Expert Comment

by:jmeggers
Comment Utility
Sorry I didn't see your follow-up question.  A basic configuration on the ASA shouldn't take long for someone who knows what they're doing. Once you know the topology and how to handle NAT, etc. There's also an XML file to set up, there are typically files that have to be loaded onto the ASA (the client itself), so total configuration on the ASA, maybe 30 minutes.  Someone who already has everything worked out, files loaded, etc. can probably do it faster than that, it's generally not more than 10 commands or so on the ASA.  Usually when I'm working with a customer the slowdowns are they don't already have a TFTP server set up, they haven't pulled the client down from CCO, etc.  Those are the things that add time to the job.

AnyConnect Essentials doesn't allow for a lot of extras such as posture assessment, etc.  Those features require premium licenses and those features do require additional time to configure in ASDM.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now