AnyConnect Premium vs AnyConnect Essentials

denver218
denver218 used Ask the Experts™
on
Since the Cisco VPN Client is reaching end of life, I'm looking for another solution.  Right now I have thousands of users who use the Cisco VPN Client to connect to their hosted applications.  I would like to go with Cisco AnyConnect, but I'm a little unsure about the licensing.  I see there is AnyConnect Premium and AnyConnect Essentials.  AnyConnect Premium is way out of my budget, but AnyConnect Essentials seems affordable.  I'm looking for someone who has used AnyConnect Essentials.  I have read the documentation, but I'm still unsure how AnyConnect Essentials works.  Do I get to it via a webpage, or do I need to install the client on all machines.  How many AnyConnect Licenses can go on a ASA5510?  I have read Cisco's documentation on AnyConnect, but not using it before I want to be sure that AnyConnect Essentials will do everything that the Cisco VPN Clients does.  Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Network Architect
Commented:
AnyConnect Essentials is basically a replacement for IPSec.  It provides full-tunnel connectivity, so any software runs through it (you're not limited to browser-based applications as with client less). Personally, I've found it to be much more forgiving of fluctuations in network connectivity than IPSec is.  The client can be distributed by a patch management system, or users can install it by using a web browser to go to the ASA and the client is pushed down.  Much easier deployment than IPSec, and the client is maintained as new versions are put into the ASA configuration.  It is not exactly free, as IPSec is, but it's close in the few hundreds of dollars depending on the model of ASA.

There area a few caveats.  First, Essentials is licensed for all the SSL connections a particular ASA model can handle.  So once you've enabled Essentials, any premium licenses are lost because only the Essentials licenses will be used.  That means if you need to provide both a client less and full-tunnel portal, you'll need two ASAs.  Second, Essentials doesn't support clientless VPN, nor does it support any of the CSD-based services such as endpoint assessment, etc.  So if you require any of those features, you will need premium licenses, but those features aren't available with IPSec anyway.

Author

Commented:
Thanks.  Do I have to use an ASA for AnyConnect?  Can I configure a remote access VPN on a Cisco 2800 or 2900 series router and use anyconnect?  The reason I ask is because I have some clients who have 2800 series routers and currently have a remote access VPN configured on them and use the Cisco VPN Client to Connect.  Can I configure a 2800 series router to use AnyConnect?  
John MeggersNetwork Architect

Commented:
Here's a configuration example, so it is clearly supported.  http://www.cisco.com/en/US/products/ps8411/products_configuration_example09186a0080b25941.shtml

Author

Commented:
Thanks.  I think AnyConnect Essentials will work for me .

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial