IT Certification and Training Blog

ASA Technology Update Part 3 of 4

Posted by Kelson Lawrence on Feb 8, 2011 10:18:00 AM

By Ryan Lindfield

AnyConnect Essentials

AnyConnect Essentials is a new licensing option for Secure Socket Layer Virtual Private Network (SSL VPN) client on the ASA. With the introduction of SSL VPN, Cisco began charging “per connection fees” for remote VPN connections. This came as a shock to many of you who were accustomed to connecting as many users as the box allowed with IPSec and never giving a thought to licensing. The default WebVPN license on the ASA is for two concurrent WebVPN users; each additional user requires additional licensing.

The traditional WebVPN licensing is a fairly cost-prohibitive option for many administrators but it is only required if you are using WebVPN. The traditional IPSec VPN connections either site-to-site or remote access work with no licensing fees. The problem is that Cisco did not release a Windows 7 or a 64-bit Windows IPSec client, which means that for each remote user who has a 64-bit operating system (OS), you will need to have a license for each user if all users will be connected to the ASA at the same time.

With the AnyConnect Essentials licensing, you can purchase a reduced-cost license that allows client-based users to build VPN connections if the users are using the AnyConnect client. In other words, if you want to use the Web portal (clientless) or support Cisco Secure Desktop, you will need the traditional (more expensive) licenses. If you simply need to enable those 64-bit Windows hosts to connect remotely while using a software client, you can purchase the AnyConnect Essentials license (less expensive).

For those of you with Apple hardware running Snow Leopard (10.6), you will be relieved to know that even though you have a 64-bit OS, there is built-in support for Cisco IPSec remote access, so you will not have to purchase any additional licensing or even install additional software, as it’s built directly into the OS (although a bit hidden). Simply add a new network interface, select VPN under interface, and select CiscoIPSec under VPN Type. There is no need to launch a third-party application, as required in the past.

ASA Specialist Certification

EMAIL: [email protected]

813-925-0700 (opt 2)
877-333-EXAM (opt 2)
FAX: 813-925-3957

Tags: adaptive security appliance, Ryan Lindfield, asa, technology, anyconnect essentials, networking