Wednesday, September 22, 2010

Cisco ASA - AnyConnect for iPhone released

Cisco announced the general release of the Cisco AnyConnect client for the iPhone. While I think it is cool that Cisco has finally released this, I am a bit flabbergasted at the licensing they are doing on the ASA - yet again. Not only do you need an AnyConnect Essentials or Premium license, but it will also require the AnyConnect for Mobile license. I still don't understand why Cisco feels the need to do this, and it is frustrating when trying to sell the ASA platform to have to address each one of the licensing requirements for features that many expect from the base AnyConnect Essentials license. It makes you want to stick with the inbuilt IPSec client solutions regardless of the feature enhancements.

If you do a show version on your ASA you can see what your current license status is. The output should look like:
ASA#show version
(...)
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 0
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

So note that you will need the AnyConnect Essentials or AnyConnect Premium (SSL VPN Peers) license plus the AnyConnect for Mobile license to have a working solution. Some product overview information is available here; the link might require CCO logon access.
- Ed
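The license check described in the post above can be scripted against saved show version output. This is an added example, not part of the original post or any Cisco tool; the function names are hypothetical, the sample text is constructed from the output shown above, and treating a non-zero SSL VPN Peers count as the Premium license is an assumption based on the post's wording.

```python
import re

# Constructed sample: a subset of the licensed-features lines shown in the post.
SAMPLE = """\
ASA#show version
(...)
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
SSL VPN Peers                  : 2
Total VPN Peers                : 250
AnyConnect for Mobile          : Disabled
AnyConnect Essentials          : Disabled
"""

FEATURE_LINE = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>\S.*?)\s*$")


def parse_licenses(show_version: str) -> dict:
    """Return {feature name: value} from the 'Licensed features' block."""
    features, in_block = {}, False
    for line in show_version.splitlines():
        if line.strip().lower().startswith("licensed features for this platform"):
            in_block = True
            continue
        if not in_block:
            continue
        match = FEATURE_LINE.match(line)
        if not match:
            if features:
                break  # first non-feature line after the block ends it
            continue
        features[match.group("name")] = match.group("value")
    return features


def mobile_anyconnect_gaps(features: dict) -> list:
    """List the licenses still missing for AnyConnect on a mobile client."""
    def enabled(name):
        # Only the first token is compared, so trailing text is ignored.
        return features.get(name, "Disabled").split()[0].lower() == "enabled"

    def count(name):
        token = features.get(name, "0").split()[0]
        return int(token) if token.isdigit() else 0

    gaps = []
    # Assumption: a non-zero "SSL VPN Peers" count stands in for Premium.
    if not (enabled("AnyConnect Essentials") or count("SSL VPN Peers") > 0):
        gaps.append("AnyConnect Essentials or Premium (SSL VPN Peers)")
    if not enabled("AnyConnect for Mobile"):
        gaps.append("AnyConnect for Mobile")
    return gaps
```

Run against the sample above, the check reports only AnyConnect for Mobile as missing, which matches the licensing gap the post describes.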

Tuesday, September 21, 2010

Cisco ASA - AnyConnect 3.0 features

Cisco has announced new features for AnyConnect 3.0 and will finally be supporting both IPSec VPN and SSL VPN in a single client. They have outlined some interesting things like using RDP to launch AnyConnect, IPv6 VPN access, captive portal detection and auto reconnect. All things that make AnyConnect much more useful and easier for end users to use VPN all the time.

It seems that Cisco is taking seriously Microsoft's DirectAccess solution given the features they are putting into AnyConnect. In addition, they are making the client available for platforms that Microsoft can't support such as the Apple iPad and iPhone. They are also making AnyConnect able to leverage a split VPN connectivity option to take advantage of their ScanSafe cloud security solution so that might give folks more options in terms of offloading posture assessment of VPN clients.

I still think that Microsoft's DirectAccess is an impressive solution for Win7/Server 2008R2 shops that want to provide their end users a remarkable VPN experience. You can tell the difference of something that is made from the ground up in a product and integrated so tightly in the operating system that the experience becomes seamless. The downside is that there are often shortcomings in flexibility in the number of scenarios you can deploy the solution.

I think Cisco's AnyConnect is a great solution in terms of the flexibility it offers while still providing a strong set of capabilities. I just wish a lot of these features had come out in the 1.x release instead of having to wait this long. Of special note is the IPSec support in a single client - that has been an issue since AnyConnect was first launched.
- Ed

Tuesday, September 07, 2010

Relaunch of the California IPv6 Task Force

For those who are interested in IPv6 please check out the relaunched California IPv6 Task Force website. The CAv6TF will be helping with the gogonetLive! IPv6 event on Nov 2-3, 2010 in Silicon Valley (San Jose area at this point) so please keep the date reserved, it should be a great chance to interact with other IT professionals interested in IPv6.

I am excited we are finally making the CAv6TF website available via IPv6 too and also that the Task Force is now active again after a few years of hiatus due to the majority of the CAv6TF members driving the National IPv6 story. I am now serving as the Co-Chair of the Task Force handling the San Francisco Bay Area. If you have any comments or interest in helping with the CAv6TF please contact us at info@cav6tf.org.

If you have not yet joined gogoNET and you are interested in learning more about IPv6 this is a good place to start getting connected with other IPv6 folks so consider signing up. They also offer a free IPv6 software client service through Freenet6 so you can run IPv6 no matter where you are which is a nice option if you do not have a native IPv6 service yet. Another option is Hurricane Electric's IPv6 Tunnel Broker service which I have used for years for my home configuration.
- Ed

Monday, August 23, 2010

VMworld 2010 - August 30 - Sept 2nd

Another VMworld is around the corner, just a week away now - it is again in San Francisco at Moscone Center and should be an interesting event as always. Cisco, EMC and NetApp will all have a big presence at the show for sure and it is nice to see what they have in terms of product lines and what they are doing in the virtualization space. What makes me want to attend the expo every year though is the small niche companies that have interesting products or ways of solving problems that the big boys haven't figured out or haven't thought about.

Often it is the case that these folks get purchased and integrated into one of the bigger players so part of the fun is getting to see them while they are still small, still agile and still interesting plus getting their swag while they still have their own logos and tag lines and such.

I expect to see some announcements associated with the show regarding partnerships, new product launches and perhaps some heated debate too. It looks like Microsoft will once again be relegated to a regular small booth, which is a shame considering the majority of deployments of VMware's products are to support Microsoft platforms. I think VMware is making a mistake not allowing Microsoft to have a bigger presence at the event and simply asking them to live within some guidelines regarding Hyper-V.
- Ed

Friday, August 06, 2010

Splunk User Conference - August 9-11, 2010

One of the tools I use to help me wade through the mass of data that networking devices spit out is Splunk. Splunk is easily one of the most useful apps to run if you have to try and figure out what is going on with regards to firewalls, IDS, network logging and anything else that will output to syslog.

If you happen to live in the San Francisco Bay Area you are in luck too, next week is the first annual Splunk User Conference and you can still sign up. I wish I could make it myself, especially since I live local to the event.

Splunk has really expanded the capabilities of the product but to be honest, the simple search and filtering to help me write better access control lists for firewalls is a huge time saver; just being able to do that quickly and efficiently makes it worth its weight in gold.
- Ed