If you upgrade to ASA 8.2, there's a AnyConnect Essentials license which allows you use the SSL client for the number of IPsec connections your ASA is licensed for. This license is only around ~$100.
So if you have a 5520 with 750 IPsec licenses, when you add the AnyConnect Essentials license, you'll be able to have 750 SSL client connections. This would be for the SSL fat client. The webportal is licensed separately and is much more expensive. -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner Sent: Friday, August 21, 2009 4:22 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco SSL VPN? On Fri, 21 Aug 2009, Charles Mills wrote: > Anyone currently (successfully) using the SSL VPN on an ASA box (5520 or above)? > > I'm in uncharted territory with this feature and not sure if it is > worth going down this route. I've deployed it for a client and it seems to work pretty well, though as far as I know they're not doing anything terribly exotic. One important gotcha: The SSL VPN connections are licensed independently from IPSEC connections. The base license allows for only two concurrent connections at least on the smaller ASAs, so you might need to purchase a license upgrade if you want to roll it out on a larger scale. If you do a "show version" on the ASA, the number of WebVPN peers is the number you need to know. Cisco has made it clear that they're moving in this direction, as they don't seem to be putting much new development effort into the IPSEC client - it doesn't support 64-bit OSen, and I doubt they'll spin many cycles testing Windows 7, etc... They seem to want people to move to the AnyConnect (SSL VPN) model. jms _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ "This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution" _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/