reply to Anav
Re: [HELP] Lost in Jungle of VPN Choices..... vpnclient is the full-blown Cisco IPSec client (there are "better" clones of it out there.) anyconnect is the SSL VPN client -- you load it on the asa and it will feed it to the client via https. Each is more-or-less independantly configured. (crypto map vs. webvpn)
I use both. The VPN Client is best when you have a fairly static network (home to office, where things rarely change) where the connection is up over a long period. SSL VPN is best in "hostile" networks common to traveling laptops. (however, the base license only supports 2 concurrent sslvpn connections.)
AnavSarcastic Llama? Naw, Just AcerbicPremium
No worries cramer, I only need one ssl vpn setup. So the anyconnect SSL seems viable, as it pushed it to the client the first time. (easier than a generic ssl vpn client or at least more secure).
Just need to confirm its the
file looking for size 4694KB, and under properties, 4.58MB (4,805,906 bytes). I also have the mac one......
macosx-i386-2.5.3055-k9.pkg file size 6154KB
Hi Anav, quick answer to your questions:
1). If you already have the windows/mac packages, just add them to your config under webvpn:
anyconnect image disk0:/anyconnect-win-2.5.3055-k9.pkg 1 regex "Windows NT"
anyconnect image disk0:/macosx-i386-2.5.3055-k9.pkg 2 regex "Intel Mac OS X"
You can also get any of the packages off of CCO. Once a user logs into webvpn, there will be an option for Anyconnect and it will install the appropriate package based on the OS of the client. There are also iOS clients and I think Android. They require another license though, called "Anyconnect Mobile". The 2 default Anyconnect licenses will work for Windows and OS X (and linux) clients.
2). It is absolutely possible to SSH/HTTPS to your firewall over VPN. Add this:
ssh x.x.x.x y.y.y.y INSIDE
http x.x.x.x y.y.y.y INSIDE
where x.x.x.x is the network you are coming from and y.y.y.y is the subnet mask.
Config is the same for any 8.x (I haven't changed this since 8.0.5 and I am running 8.4.3 now).