Solved

Implementing automatic vpn or direct access for users

Posted on 2015-01-08
8
132 Views
Last Modified: 2015-01-30
Hi All,

I have 100 users in my network who need to connect to local resources and applications while they are traveling. What is the best option? I was planning to use MS Direct Access or my Cisco 5520 FW. What is the best option to automate the connectivity task?


Thanks
0
Comment
Question by:ITMaster1979
8 Comments
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 200 total points
ID: 40539669
Direct Access is more complicated to implement, but completely transparent to the user. It is Windows-only, so if you have other devices or operating systems, you will need an alternative anyway.
Cisco AnyConnect is multiplatform and easy to implement. It does need a client to be installed, but this can be done via Group Policy, script or other deployment tools. Users have to log in, so it is one more step they have to perform compared to Direct Access.
0
 
LVL 1

Accepted Solution

by:
ITMaster1979 earned 0 total points
ID: 40539675
Thanks Kellemann

Do I need a license for Cisco AnyConnect? I have two Cisco PIX 5520.
0
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 200 total points
ID: 40539684
Yes, but if you don't need the SSL portal based one (AnyConnect Premium), but only the client based part, it is a relatively cheap license. It is called AnyConnect Essentials and the part no. is L-ASA-AC-E-5520.
If you are running the two firewalls in an active/passive cluster, you only need to buy one license.
You will also need to buy an SSL certificate for the firewall to authenticate itself towards the clients, or you can use an internal certificate authority if you have one.
0
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 100 total points
ID: 40539810
The beauty of Direct Access is that as soon as the computer is on the Internet, it is on the domain. This is great for security as computer and user policies can be applied and, if required, terminated or compromised computers can be locked out from accessing resources on the local computer. Take a look at Direct Access appliances from Celestix, etc. as they make deployment very simple.
0
 
LVL 7

Assisted Solution

by:tolinrome
tolinrome earned 100 total points
ID: 40540105
I agree with kellemann, I would most definitely go with the Cisco VPN implementation and stay away from Direct Access. DA, although transparent to users, can get complicated and it's more to manage. You'll find a lot of posts on the Internet where people had a lot of problems configuring it.
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 100 total points
ID: 40540826
With Cisco AnyConnect you don't need to force a login if you provide specific user certificates, so no additional step here. Of course the certificate needs to get revoked if a laptop "goes missing".
0
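
The certificate-only login described in the comment above is only as safe as the firewall's revocation checking. As an added illustration (not part of the thread), this ASA configuration fragment shows the trustpoint setting that leaves a revoked certificate usable beside the one that rejects it. The trustpoint name `INTERNAL-CA` and the tunnel-group name `AC-CERT-USERS` are hypothetical, and the fragment assumes the issuing CA publishes a CRL that the firewall can reach.

```cisco
! Hypothetical names (assumptions, not from the thread):
!   INTERNAL-CA    trustpoint holding the CA that issues user certificates
!   AC-CERT-USERS  AnyConnect connection profile

! Weak: with no revocation check, the certificate on a lost laptop keeps
! working until it expires, even after the CA has revoked it.
crypto ca trustpoint INTERNAL-CA
 revocation-check none

! Corrected: require a CRL check. Without the trailing "none" fallback
! keyword, validation fails when the CRL cannot be retrieved (fail closed).
crypto ca trustpoint INTERNAL-CA
 revocation-check crl

! Connection profile that authenticates by certificate only, so users
! are not prompted for a username and password.
tunnel-group AC-CERT-USERS type remote-access
tunnel-group AC-CERT-USERS webvpn-attributes
 authentication certificate
```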
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40579381
good
0
