Implementing automatic vpn or direct access for users

Hi All,

   I have 100 users in my network who requires to connect to local resources  and application while they are traveling , what is the best option, I was planning to use MS Direct access or my Cisco 5520 FW, what is the best option to automate connectivity task


Thanks
LVL 1
ITMaster1979Asked:
Who is Participating?
 
ITMaster1979Author Commented:
Thanks Kellemann

  do I need a license for Cisco AnyConnect, I have two Cisco PIX 5520
0
 
kellemannCommented:
Direct Access is more complicated to implement, but completely transparent to the user. It is Windows-only, so if you have other devices or operating systems, you will need an alternative anyway.
Cisco AnyConnect is multiplatform and easy to implement. It does need a client to be installed, but this can be done via Group Policy, script or other deployment tools. Users have to log in, so it is one more step they have to perform compared to Direct Access.
0
 
kellemannCommented:
Yes, but if you don't need the SSL portal based one (AnyConnect Premium), but only the client based part, it is a relatively cheap license. It is called AnyConnect Essentials and the part no is L-ASA-AC-E-5520
If you are running the two firewalls in an active/passive cluster, you only need to buy one license.
You will also need to buy an SSL certificate for the firewall to authenticate itself towards the clients, or you can use an internal certificate authority if you have one.
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Beauty of Direct Access is that as soon as computer is on the Internet, it is on the domain.  This is great for security as computer and user policies can be applied and if required, terminated or compromised computers can be locked out from accessing resources on the local computer.  Take a look at Direct Access appliances from Celestix, etc. as they make deployment very simple.
0
 
tolinromeCommented:
I agree with kellemann, I would most definitely go with the Cisco vpn implementation and stay away form Direct Access. DA, although transparent to users, can get complicated and its more to manage. You'll find alot of posts on the Internet where people had a lot of problems configuring it.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
With Cisco AnyConnect you don't need to force a login if you provide specifc user certificates, so no additional step here. Of course the certificate needs to get revoked if a laptop "gets missing".
0
 
ITMaster1979Author Commented:
good
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.