Dear Fawad , that is very good question, which I am also looking for answer what is the true replacement of the of legacy IPSec Client v5.0?
regards Waleed CCIE 36851 (Security),CISSP,CCSP,CCNP,CCNA Date: Tue, 29 Jul 2014 20:12:36 +0200 From: pio...@ipexpert.com To: fawa...@gmail.com CC: ccie_security@onlinestudylist.com Subject: Re: [OSL | CCIE_Security] Any connect IPSec client. Fawad It should be like you say but to be honest I am not quite sure - maybe at some point it will try to refresh the profile which would break connectivity. Regards, Piotr Kaluzny : Sr Instructor : iPexpertCCIE # 25665 :: Security :: World-Class Cisco Certification Training Direct: +1-810-326-1444 :: Free Videos :: Free Training / Product Offerings :: CCIE Blog :: Twitter On Tue, Jul 29, 2014 at 7:46 PM, Fawad Khan <fawa...@gmail.com> wrote: Thank you Piotr,In other words can we disable the webvpn, after the users have downloaded the profile? RegardsFawad Khan On Tuesday, July 29, 2014, Piotr Kaluzny <pio...@ipexpert.com> wrote: Hi Fawad SSL cert is needed so you can build a clientless tunnel with the ASA to download AnyConnect Profile. The Profile contains the settings for the AC client itself and it will also populate a list of servers along with a protocol to be used for the connection. So if you configured IPSec in the Profile, all subsequent connections should negotiate VPN using IKE/IPSec instead of SSL. Regards, Piotr Kaluzny : Sr Instructor : iPexpertCCIE # 25665 :: Security :: World-Class Cisco Certification Training Direct: +1-810-326-1444 :: Free Videos :: Free Training / Product Offerings :: CCIE Blog :: Twitter On Tue, Jul 29, 2014 at 12:19 AM, Fawad Khan <fawa...@gmail.com> wrote: I have a very stupid question. I hope I'll get an intelligent answer here. Does the Cisco Anyconnect IPSec client really need SSL cert to be installed on the firewall? If yes, then how does it remain a IPSec client only? In other case, what is the true replacement of the of legacy IPSec Client v5.0? Thank you in advance. RegardsFawad Khan -- Fawad Khan"This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description". Thank you. _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc -- Fawad Khan"This message is sent using a smartphone application , I apologize for any spelling or grammatical mistake also if the message is too short in length or description". Thank you. _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc