Solved

Implementing automatic VPN or Direct Access for users

Posted on 2015-01-08
Last Modified: 2015-01-30
Hi All,

I have 100 users in my network who need to connect to local resources and applications while they are traveling. What is the best option? I was planning to use MS Direct Access or my Cisco 5520 FW; what is the best option to automate the connectivity task?


Thanks
Question by:ITMaster1979
8 Comments
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 200 total points
ID: 40539669
Direct Access is more complicated to implement, but completely transparent to the user. It is Windows-only, so if you have other devices or operating systems, you will need an alternative anyway.
Cisco AnyConnect is multiplatform and easy to implement. It does need a client to be installed, but this can be done via Group Policy, script or other deployment tools. Users have to log in, so it is one more step they have to perform compared to Direct Access.
 
LVL 1

Accepted Solution

by:ITMaster1979
ITMaster1979 earned 0 total points
ID: 40539675
Thanks Kellemann

Do I need a license for Cisco AnyConnect? I have two Cisco PIX 5520.
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 200 total points
ID: 40539684
Yes, but if you don't need the SSL-portal-based one (AnyConnect Premium), only the client-based part, it is a relatively cheap license. It is called AnyConnect Essentials and the part number is L-ASA-AC-E-5520.
If you are running the two firewalls in an active/passive cluster, you only need to buy one license.
You will also need to buy an SSL certificate for the firewall to authenticate itself towards the clients, or you can use an internal certificate authority if you have one.
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 100 total points
ID: 40539810
The beauty of Direct Access is that as soon as a computer is on the Internet, it is on the domain. This is great for security, as computer and user policies can be applied and, if required, terminated or compromised computers can be locked out from accessing resources on the local computer. Take a look at Direct Access appliances from Celestix, etc., as they make deployment very simple.
 
LVL 7

Assisted Solution

by:tolinrome
tolinrome earned 100 total points
ID: 40540105
I agree with kellemann; I would most definitely go with the Cisco VPN implementation and stay away from Direct Access. DA, although transparent to users, can get complicated and it's more to manage. You'll find a lot of posts on the Internet where people had a lot of problems configuring it.
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 100 total points
ID: 40540826
With Cisco AnyConnect you don't need to force a login if you provide specific user certificates, so there is no additional step here. Of course, the certificate needs to be revoked if a laptop "gets missing".
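The internal CA that kellemann mentions and the revoke-on-loss step that Qlemo describes, shown end to end as an added example (not code from the thread or from Cisco): a throwaway CA issues one certificate per laptop, revokes the one that goes missing, publishes a CRL, and the check a CRL-aware VPN head end would perform is run against both certificates. The CA name, device names and file layout are constructed; configuring the ASA itself to trust this CA and fetch the CRL is outside this example.

```shell
#!/bin/sh
# Added example, not from the thread: a throwaway internal CA issues one
# certificate per laptop, revokes the one that "gets missing", publishes a
# CRL, and the check a CRL-aware VPN head end would make is run against both.
set -e
WORK=$(mktemp -d); cd "$WORK"
# Minimal openssl ca(1) database: certificate index, next serial, next CRL number.
touch index.txt; echo 1000 > serial; echo 1000 > crlnumber
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = vpn_ca
[ vpn_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_days = 365
default_crl_days = 7
policy = cn_only
[ cn_only ]
commonName = supplied
EOF
# Constructed issuing CA; in a real deployment this is the internal CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example VPN CA" \
    -keyout ca.key -out ca.crt 2>/dev/null
# issue_cert DEVICE: key, CSR and CA-signed certificate for one laptop.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl ca -config ca.cnf -batch -notext -in "$1.csr" -out "$1.crt" 2>/dev/null
}
issue_cert alice-laptop
issue_cert bob-laptop
# bob-laptop goes missing: revoke its certificate and republish the CRL.
openssl ca -config ca.cnf -revoke bob-laptop.crt 2>/dev/null
openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
cat ca.crt ca.crl > trust.pem   # trust anchor plus the current CRL
# vpn_accepts CERT: exit 0 if the client certificate still verifies with CRL
# checking enabled, non-zero once it has been revoked.
vpn_accepts() {
    openssl verify -crl_check -CAfile trust.pem "$1" >/dev/null 2>&1
}
vpn_accepts alice-laptop.crt && echo "alice-laptop: accepted"
vpn_accepts bob-laptop.crt || echo "bob-laptop: rejected (revoked)"
```

Until the head end has the new CRL (or queries OCSP), the revoked certificate is still accepted, so CRL publication frequency is part of the lost-laptop procedure.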
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40579381
good
