Search this Blog

Monday, September 13, 2010

Cisco SSL VPN on ASA for a large user poulation (700+ users)

We are looking for a SSL VPN Solution for our Company that would scale to 700+ users in the next few years. We are currently using the Avetail SSL VPN, and although it does a good job, the licenses are a bit expensive and we do have an opportunity to evaluate other solutions. Is Anyone using the Cisco SSL VPN for somewhat large user population? Is it stable? We are familiar with Cisco’s IPSec VPN on the ASA and concentrator, but don’t have much experience with the SSL VPN.

  • Any connect using ASAs as head end devices should be able to fit your requirements quite well. There are a number of different models that can scale up and over 700 users. The data sheet here will list the platform limitations for each ASA model .
  • In regard to costs if you are just looking to provide ipsec client replacement/full tunnel access a license called 'Any connect essentials' can be purchased. The premium ssl vpn licenses are bought on a per-user basis and provide clientless access, CSD, Endpoint assessment, along with Any connect access. If you just need Any connect access the 'Any connect essentials' license is reduce cost and a per box (rather than per user) feature.
  • In regards to high availability you can either cluster the ASAs together in a load balance fashion or go for a Active/Standy situation. There are also features like Optimal Gateway Selection and backup server lists (configured in Anyconnect profiles) that will allow for geographic backup/failover.
  • The any connect has complete feature parity with the ipsec client plus extended OS support and features.
Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */