Cisco VPN solutions provide exceptional security through encryption and authentication technologies that protect data in transit from unauthorized access and attacks. The Cisco ASA security appliance supports several types of VPN implementations, they are generally categorized as IPSec Based VPNs and SSL Based VPNs. The first category uses the IPSec protocol for secure communications and the second category uses SSL. SSL Based VPNs are also called WebVPN in Cisco terminology. The two general VPN categories supported by Cisco ASA are further divided into the following VPN technologies.
IPSec Based VPNs:
• Site-to-Site IPSec VPN: Used to connect remote LAN networks over unsecure media (e.g Internet). All traffic between sites is encrypted using IPsec protocol and integrates network features such as routing, quality of service, and multicast. Ex. It runs between ASA-to-ASA or ASA-to-Cisco Router.
• Remote Access with IPSec VPN Client: A VPN client software is installed on user’s PC to provide remote access to the central network. Uses the IPSec protocol and provides full network connectivity to the remote user. The users use their applications at the central site as they normally would without a VPN in place. With this VPN, you can provide highly secure, customizable remote access to anyone, anytime, anywhere, with almost any device.
SSL Based VPNs (WebVPN):
This is relatively new technology in Cisco ASA security appliance and it can be used as a secure SSL web server. The remote user just needs a browser with SSL encryption (HTTPs) to connect to the central office ASA Web VPN appliance.
• Clientless Mode WebVPN: This is the first implementation of SSL WebVPN supported from ASA version 7.0 and later. It lets users establish a secure remote access VPN tunnel using just a Web browser. There is no need for a software or hardware VPN client. However, only limited applications can be accessed remotely.
• AnyConnect WebVPN: A special Java based client is installed on the user’s computer providing an SSL secure tunnel to the central site. Provides full network connectivity (similar with IPSec remote access client). All applications at the central site can be accessed remotely.
From above you can understand that the AnyConnect WebVPN technology is best from both IPSec based VPNs and SSL based VPNs. It offers full network connectivity to the remote user with lightweight Java VPN client (around 3MB) which can be installed or uninstalled from the remote user’s PC dynamically.
Filed Under: Cisco ASA
About the Author: