Re: [OSL | CCIE_Security] Any connect IPSec client.
Hi Fawad SSL cert is needed so you can build a clientless tunnel with the ASA to download AnyConnect Profile. The Profile contains the settings for the AC client itself and it will also populate a list of servers along with a protocol to be used for the connection. So if you configured IPSec in the Profile, all subsequent connections should negotiate VPN using IKE/IPSec instead of SSL. Regards, Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos http://www.youtube.com/ipexpertinc :: Free Training / Product Offerings https://www.facebook.com/IPexpert :: CCIE Blog http://blog.ipexpert.com/ :: Twitter https://twitter.com/ipexpert On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan fawa...@gmail.com wrote: I have a very stupid question. I hope I'll get an intelligent answer here. Does the Cisco Anyconnect IPSec client really need SSL cert to be installed on the firewall? If yes, then how does it remain a IPSec client only? In other case, what is the true replacement of the of legacy IPSec Client v5.0? Thank you in advance. Regards Fawad Khan -- Fawad Khan This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
Re: [OSL | CCIE_Security] Any connect IPSec client.
Thank you Piotr, In other words can we disable the webvpn, after the users have downloaded the profile? Regards Fawad Khan On Tuesday, July 29, 2014, Piotr Kaluzny pio...@ipexpert.com wrote: Hi Fawad SSL cert is needed so you can build a clientless tunnel with the ASA to download AnyConnect Profile. The Profile contains the settings for the AC client itself and it will also populate a list of servers along with a protocol to be used for the connection. So if you configured IPSec in the Profile, all subsequent connections should negotiate VPN using IKE/IPSec instead of SSL. Regards, Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos http://www.youtube.com/ipexpertinc :: Free Training / Product Offerings https://www.facebook.com/IPexpert :: CCIE Blog http://blog.ipexpert.com/ :: Twitter https://twitter.com/ipexpert On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan fawa...@gmail.com javascript:_e(%7B%7D,'cvml','fawa...@gmail.com'); wrote: I have a very stupid question. I hope I'll get an intelligent answer here. Does the Cisco Anyconnect IPSec client really need SSL cert to be installed on the firewall? If yes, then how does it remain a IPSec client only? In other case, what is the true replacement of the of legacy IPSec Client v5.0? Thank you in advance. Regards Fawad Khan -- Fawad Khan This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc -- Fawad Khan This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
Re: [OSL | CCIE_Security] Any connect IPSec client.
Fawad It should be like you say but to be honest I am not quite sure - maybe at some point it will try to refresh the profile which would break connectivity. Regards, Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos http://www.youtube.com/ipexpertinc :: Free Training / Product Offerings https://www.facebook.com/IPexpert :: CCIE Blog http://blog.ipexpert.com/ :: Twitter https://twitter.com/ipexpert On Tue, Jul 29, 2014 at 7:46 PM, Fawad Khan fawa...@gmail.com wrote: Thank you Piotr, In other words can we disable the webvpn, after the users have downloaded the profile? Regards Fawad Khan On Tuesday, July 29, 2014, Piotr Kaluzny pio...@ipexpert.com wrote: Hi Fawad SSL cert is needed so you can build a clientless tunnel with the ASA to download AnyConnect Profile. The Profile contains the settings for the AC client itself and it will also populate a list of servers along with a protocol to be used for the connection. So if you configured IPSec in the Profile, all subsequent connections should negotiate VPN using IKE/IPSec instead of SSL. Regards, Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos http://www.youtube.com/ipexpertinc :: Free Training / Product Offerings https://www.facebook.com/IPexpert :: CCIE Blog http://blog.ipexpert.com/ :: Twitter https://twitter.com/ipexpert On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan fawa...@gmail.com wrote: I have a very stupid question. I hope I'll get an intelligent answer here. Does the Cisco Anyconnect IPSec client really need SSL cert to be installed on the firewall? If yes, then how does it remain a IPSec client only? In other case, what is the true replacement of the of legacy IPSec Client v5.0? Thank you in advance. Regards Fawad Khan -- Fawad Khan This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc -- Fawad Khan This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
Re: [OSL | CCIE_Security] Any connect IPSec client.
Dear Fawad , that is very good question, which I am also looking for answer what is the true replacement of the of legacy IPSec Client v5.0? regards Waleed CCIE 36851 (Security),CISSP,CCSP,CCNP,CCNA Date: Tue, 29 Jul 2014 20:12:36 +0200 From: pio...@ipexpert.com To: fawa...@gmail.com CC: ccie_security@onlinestudylist.com Subject: Re: [OSL | CCIE_Security] Any connect IPSec client. Fawad It should be like you say but to be honest I am not quite sure - maybe at some point it will try to refresh the profile which would break connectivity. Regards, Piotr Kaluzny : Sr Instructor : iPexpertCCIE # 25665 :: Security :: World-Class Cisco Certification Training Direct: +1-810-326-1444 :: Free Videos :: Free Training / Product Offerings :: CCIE Blog :: Twitter On Tue, Jul 29, 2014 at 7:46 PM, Fawad Khan fawa...@gmail.com wrote: Thank you Piotr,In other words can we disable the webvpn, after the users have downloaded the profile? RegardsFawad Khan On Tuesday, July 29, 2014, Piotr Kaluzny pio...@ipexpert.com wrote: Hi Fawad SSL cert is needed so you can build a clientless tunnel with the ASA to download AnyConnect Profile. The Profile contains the settings for the AC client itself and it will also populate a list of servers along with a protocol to be used for the connection. So if you configured IPSec in the Profile, all subsequent connections should negotiate VPN using IKE/IPSec instead of SSL. Regards, Piotr Kaluzny : Sr Instructor : iPexpertCCIE # 25665 :: Security :: World-Class Cisco Certification Training Direct: +1-810-326-1444 :: Free Videos :: Free Training / Product Offerings :: CCIE Blog :: Twitter On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan fawa...@gmail.com wrote: I have a very stupid question. I hope I'll get an intelligent answer here. Does the Cisco Anyconnect IPSec client really need SSL cert to be installed on the firewall? If yes, then how does it remain a IPSec client only? In other case, what is the true replacement of the of legacy IPSec Client v5.0? Thank you in advance. RegardsFawad Khan -- Fawad KhanThis message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc -- Fawad KhanThis message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description. Thank you. ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc ___ Free CCIE RS, Collaboration, Data Center, Wireless Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc