?
Solved

Implementing automatic vpn or direct access for users

Posted on 2015-01-08
8
Medium Priority
?
140 Views
Last Modified: 2015-01-30
Hi All,

   I have 100 users in my network who requires to connect to local resources  and application while they are traveling , what is the best option, I was planning to use MS Direct access or my Cisco 5520 FW, what is the best option to automate connectivity task


Thanks
0
Comment
Question by:ITMaster1979
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 600 total points
ID: 40539669
Direct Access is more complicated to implement, but completely transparent to the user. It is Windows-only, so if you have other devices or operating systems, you will need an alternative anyway.
Cisco AnyConnect is multiplatform and easy to implement. It does need a client to be installed, but this can be done via Group Policy, script or other deployment tools. Users have to log in, so it is one more step they have to perform compared to Direct Access.
0
 
LVL 1

Accepted Solution

by:
ITMaster1979 earned 0 total points
ID: 40539675
Thanks Kellemann

  do I need a license for Cisco AnyConnect, I have two Cisco PIX 5520
0
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 600 total points
ID: 40539684
Yes, but if you don't need the SSL portal based one (AnyConnect Premium), but only the client based part, it is a relatively cheap license. It is called AnyConnect Essentials and the part no is L-ASA-AC-E-5520
If you are running the two firewalls in an active/passive cluster, you only need to buy one license.
You will also need to buy an SSL certificate for the firewall to authenticate itself towards the clients, or you can use an internal certificate authority if you have one.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 300 total points
ID: 40539810
Beauty of Direct Access is that as soon as computer is on the Internet, it is on the domain.  This is great for security as computer and user policies can be applied and if required, terminated or compromised computers can be locked out from accessing resources on the local computer.  Take a look at Direct Access appliances from Celestix, etc. as they make deployment very simple.
0
 
LVL 7

Assisted Solution

by:tolinrome
tolinrome earned 300 total points
ID: 40540105
I agree with kellemann, I would most definitely go with the Cisco vpn implementation and stay away form Direct Access. DA, although transparent to users, can get complicated and its more to manage. You'll find alot of posts on the Internet where people had a lot of problems configuring it.
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 300 total points
ID: 40540826
With Cisco AnyConnect you don't need to force a login if you provide specifc user certificates, so no additional step here. Of course the certificate needs to get revoked if a laptop "gets missing".
0
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40579381
good
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question