Random Thread - Anything Goes
-
@scottalanmiller That and a couple of other threads I've stumbled on recently but didn't feel like linking. I still stand by my idea of doing the L2TP/IPSEC VPN if he chooses to keep the ASA. The L2TP/IPSEC works pretty well and avoids having a standalone client application.
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller That and a couple of other threads I've stumbled on recently but didn't feel like linking. I still stand by my idea of doing the L2TP/IPSEC VPN if he chooses to keep the ASA. The L2TP/IPSEC works pretty well and avoids having a standalone client application.
No license needed to use that?
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller That and a couple of other threads I've stumbled on recently but didn't feel like linking. I still stand by my idea of doing the L2TP/IPSEC VPN if he chooses to keep the ASA. The L2TP/IPSEC works pretty well and avoids having a standalone client application.
Looks like that requires a license, too.
-
@scottalanmiller The base license allows for 10 VPN connections. I believe extra licensing comes into play when you use their AnyConnect client.
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller The base license allows for 10 VPN connections. I believe extra licensing comes into play when you use their AnyConnect client.
yeah I thought it came with 5-10 licenses.
-
I thought I read the ASA line was OEL a few years ago. Is that not the case?
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller The base license allows for 10 VPN connections. I believe extra licensing comes into play when you use their AnyConnect client.
Not according to Cisco's FAQ.
-
@Dashrender said in Random Thread - Anything Goes:
I thought I read the ASA line was OEL a few years ago. Is that not the case?
I think so.
-
@scottalanmiller said in Random Thread - Anything Goes:
@Dashrender said in Random Thread - Anything Goes:
I thought I read the ASA line was OEL a few years ago. Is that not the case?
I think so.
The 5510 was EOL sales in 2013, end of support in 2018
-
@scottalanmiller http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-l2tp-ipsec.html
We have ASA 5505's. Our site-to-site VPN is an ikev2, our remote-access VPN uses ikeV1 and lt2p/ipsec as the tunneling protocol. The clients use the built-in Windows l2tp/ipsec client. So as I understand it, no additional licensing is involved as we're not using AnyConnect.
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-l2tp-ipsec.html
We have ASA 5505's. Our site-to-site VPN is an ikev2, our remote-access VPN uses ikeV1 and lt2p/ipsec as the tunneling protocol. The clients use the built-in Windows l2tp/ipsec client. So as I understand it, no additional licensing is involved as we're not using AnyConnect.
That link seems to say that you do need a license, though. Where does it imply that you could get away without one?
-
@EddieJennings said in Random Thread - Anything Goes:
@scottalanmiller http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-l2tp-ipsec.html
We have ASA 5505's. Our site-to-site VPN is an ikev2, our remote-access VPN uses ikeV1 and lt2p/ipsec as the tunneling protocol. The clients use the built-in Windows l2tp/ipsec client. So as I understand it, no additional licensing is involved as we're not using AnyConnect.
-
- IPsec remote access VPN using IKEv1 and IPsec site-to-site VPN using IKEv1 or IKEv2:
- Base license: 10 sessions.
This is the license we bought with the ASA, model ASA5505-BUN-K9.
-
I see so you bought 12 with the original purchase.
-
I think we're talking about two different things. I have a license for my ASA, as it was purchased when I bought the device. I do not have additional licensing that allows me to use several AnyConnect clients. We don't need it, as the ikev1 l2tp/ipsec fits our needs.
-
@scottalanmiller Yeah. I believe the base license came with two AnyConnect peers -- mind you I'm relying off of memory and a brief scan of documents.
-
@EddieJennings said in Random Thread - Anything Goes:
I think we're talking about two different things. I have a license for my ASA, as it was purchased when I bought the device. I do not have additional licensing that allows me to use several AnyConnect clients. We don't need it, as the ikev1 l2tp/ipsec fits our needs.
Because you already have licenses? I don't see anywhere that any VPN bypasses a need for licenses.
-
@scottalanmiller It doesn't. The issue is whether or not you can use the AnyConnect client (and connect to an ikev2 remote access VPN). You don't have to use their AnyConnect client (which would require you to have additional licenses for using the AnyConnect client) to establish a remote-access VPN connection, as long as that VPN uses ikev1. To use configure any VPN, you must have some kind of license, which, in my case, is the base license.
-
-