Fawad It should be like you say but to be honest I am not quite sure - maybe at some point it will try to refresh the profile which would break connectivity.
Regards, Piotr Kaluzny : Sr Instructor : iPexpert <http://www.ipexpert.com> CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos <http://www.youtube.com/ipexpertinc> :: Free Training / Product Offerings <https://www.facebook.com/IPexpert> :: CCIE Blog <http://blog.ipexpert.com/> :: Twitter <https://twitter.com/ipexpert> On Tue, Jul 29, 2014 at 7:46 PM, Fawad Khan <[email protected]> wrote: > Thank you Piotr, > In other words can we disable the webvpn, after the users have downloaded > the profile? > > Regards > Fawad Khan > > > On Tuesday, July 29, 2014, Piotr Kaluzny <[email protected]> wrote: > >> Hi Fawad >> >> SSL cert is needed so you can build a clientless tunnel with the ASA to >> download AnyConnect Profile. The Profile contains the settings for the AC >> client itself and it will also populate a list of servers along with a >> protocol to be used for the connection. So if you configured IPSec in the >> Profile, all subsequent connections should negotiate VPN using IKE/IPSec >> instead of SSL. >> >> Regards, >> >> Piotr Kaluzny : Sr Instructor : iPexpert <http://www.ipexpert.com> >> CCIE # 25665 :: Security >> *:: World-Class Cisco Certification Training* >> >> Direct: +1-810-326-1444 >> :: Free Videos <http://www.youtube.com/ipexpertinc> >> :: Free Training / Product Offerings <https://www.facebook.com/IPexpert> >> :: CCIE Blog <http://blog.ipexpert.com/> >> :: Twitter <https://twitter.com/ipexpert> >> >> >> On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan <[email protected]> wrote: >> >>> I have a very stupid question. I hope I'll get an intelligent answer >>> here. >>> >>> >>> Does the Cisco Anyconnect IPSec client really need SSL cert to be >>> installed on the firewall? >>> >>> If yes, then how does it remain a IPSec client only? >>> >>> In other case, what is the true replacement of the of legacy IPSec >>> Client v5.0? >>> >>> Thank you in advance. >>> >>> Regards >>> Fawad Khan >>> >>> >>> >>> -- >>> >>> Fawad Khan >>> >>> "This message is sent using a smartphone application , I apologize for >>> any spelling or grammatical mistake also if the message is too short in >>> length or description". >>> Thank you. >>> >>> _______________________________________________ >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>> >>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>> >> >> > > -- > > Fawad Khan > > "This message is sent using a smartphone application , I apologize for any > spelling or grammatical mistake also if the message is too short in length > or description". > Thank you. >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
