In the clientless "webvpn" configuration, you can only access things that
are available in http form.  Such as http-to-cifs interface, and various
http published apps and so on.  But if you want to RDP to some machine, and
access CIFS natively from your client, or do anything under the sun ... then
"webvpn" isn't good enough.

 

"webvpn" is a trimmed down version of vpn.  Pros and cons.  Pros are that
your clients can't broadcast a virus to the LAN and you have more control
over security and so on.  Cons are that you can't broadcast all the traffic
you want, and you're getting denied access to things you want.

 

So "webvpn" is not a true vpn.  It's just a web interface to various
services.

 

Unless you mean to talk about the "thin client" vpn ... port tunneling and so
on?

 

 

 

From: [email protected] [mailto:[email protected]] On Behalf Of
Christopher L. Butler
Sent: Thursday, December 24, 2009 10:47 AM
To: Edward Ned Harvey; [email protected]
Subject: Re: [lopsa-tech] Cisco AnyConnect. Welcome death of the Old VPN

 

Thanks Edward, I'm curious though...

If you are routing everything over https, why not just use clientless SSL
(AKA Web VPN)?
It seems to encompass all the benefits you were referring to except you can
access it without any client installation.

Thank you,
Chris Butler
Infoscitex Corporation
Systems Administrator
781/890-1338 x291
617/276-5099 (cell)




-----Original Message-----
From: [email protected] on behalf of Edward Ned Harvey
Sent: Thu 12/24/2009 10:42 AM
To: [email protected]
Subject: [lopsa-tech] Cisco AnyConnect.  Welcome death of the Old VPN

During the last 3 weeks, I learned something too.



Cisco AnyConnect VPN is replacing / has replaced the IPSec VPN client.  And
rightly so.  I currently have both the old and new vpn clients running and
connecting to my ASA.  So it's still compatible with the old client; I just
added some config to my ASA to enable the new client.  Here's what's
improved:

1. Installation

   a. In the Old VPN client, users needed to pre-download the installer
      from the LAN, along with the configuration files / preshared keys.

   b. In the AnyConnect client, the user doesn't need to download in
      advance.  They just type in https://your-gateway and login with their
      credentials, and download it from there.  After they use the webpage
      once, the client is installed, and for later times they can just
      launch the client directly.

2. Configuration

   a. In the Old VPN client, you needed to configure firewall settings.

   b. In AnyConnect, no firewall changes are needed.

3. Interruption

   a. In the Old VPN client, you needed to interrupt your network and
      reboot during installation.

   b. In AnyConnect, not necessary.  As soon as you install it, it's
      already running.

4. Proxy Support

   a. In the Old VPN client, if you were visiting some other company like
      Intel or whatever ... that blocks all access to the internet and
      requires the use of their proxy server ... You simply couldn't VPN in
      to your home network.

   b. In AnyConnect, it's tunneling across https, and it supports use of a
      proxy server.  So now you can VPN back into your company even when
      you're visiting some other company.

5. Reconnection

   a. In the Old VPN client, if you get some packet loss, the connection
      drops, and you have to reconnect.

   b. In AnyConnect, if the connection drops, it auto-reconnects.



And the license is dirt cheap.  $70 one-time, for 25 users.  "Cisco
AnyConnect Essentials."  Plus I pay $30/yr to godaddy for a SSL cert.



It works equally well on Windows, 32bit, 64bit, Linux, or Mac, Leopard and
Snow Leopard.



Long story short, the New VPN is the welcome death of the Old VPN.  ;-)  I
love this thing, support, deployment, and use.  It couldn't be easier, or
more powerful.  I see absolutely no way to improve upon this.  It's perfect.
;-)



If you have any concerns about network security ... "Can my company catch a
virus from a home user's computer" etc ... they make additional licenses and
configuration options to address that concern.  Details if anyone's curious,
just ask.





_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
