Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Implementing automatic vpn or direct access for users

Posted on 2015-01-08
8
Medium Priority
?
142 Views
Last Modified: 2015-01-30
Hi All,

   I have 100 users in my network who requires to connect to local resources  and application while they are traveling , what is the best option, I was planning to use MS Direct access or my Cisco 5520 FW, what is the best option to automate connectivity task


Thanks
0
Comment
Question by:ITMaster1979
7 Comments
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 600 total points
ID: 40539669
Direct Access is more complicated to implement, but completely transparent to the user. It is Windows-only, so if you have other devices or operating systems, you will need an alternative anyway.
Cisco AnyConnect is multiplatform and easy to implement. It does need a client to be installed, but this can be done via Group Policy, script or other deployment tools. Users have to log in, so it is one more step they have to perform compared to Direct Access.
0
 
LVL 1

Accepted Solution

by:
ITMaster1979 earned 0 total points
ID: 40539675
Thanks Kellemann

  do I need a license for Cisco AnyConnect, I have two Cisco PIX 5520
0
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 600 total points
ID: 40539684
Yes, but if you don't need the SSL portal based one (AnyConnect Premium), but only the client based part, it is a relatively cheap license. It is called AnyConnect Essentials and the part no is L-ASA-AC-E-5520
If you are running the two firewalls in an active/passive cluster, you only need to buy one license.
You will also need to buy an SSL certificate for the firewall to authenticate itself towards the clients, or you can use an internal certificate authority if you have one.
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 300 total points
ID: 40539810
Beauty of Direct Access is that as soon as computer is on the Internet, it is on the domain.  This is great for security as computer and user policies can be applied and if required, terminated or compromised computers can be locked out from accessing resources on the local computer.  Take a look at Direct Access appliances from Celestix, etc. as they make deployment very simple.
0
 
LVL 7

Assisted Solution

by:tolinrome
tolinrome earned 300 total points
ID: 40540105
I agree with kellemann, I would most definitely go with the Cisco vpn implementation and stay away form Direct Access. DA, although transparent to users, can get complicated and its more to manage. You'll find alot of posts on the Internet where people had a lot of problems configuring it.
0
 
LVL 72

Assisted Solution

by:Qlemo
Qlemo earned 300 total points
ID: 40540826
With Cisco AnyConnect you don't need to force a login if you provide specifc user certificates, so no additional step here. Of course the certificate needs to get revoked if a laptop "gets missing".
0
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40579381
good
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question