Pursuing Always On VPN

Solved
jfarr2008
Conversationalist

Pursuing Always On VPN

So I'm trying to find a solution for "always on VPN" without going with the Microsoft Always On solution or DirectAccess.  We currently use the Meraki Client VPN mostly with our Windows 10 Enterprise laptops. I'd really love when the laptops are off our corporate network to be forced to connect to the VPN. If any of you are currently running this setup with other products alongside your Meraki equipment I'd love to hear about it.  Thanks!

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Each model of ASA has a hardware limit.  Within that you buy AnyConnect licences for the number of users.

 

You can create multiple VPN profiles.  One profile could use it, and another not.

 

Here is a comparison of the current lower end models:

https://www.cisco.com/c/en/us/products/security/asa-firepower-services/compare-models.html?columnsTo...

Under "Capacity" you'll find the AnyConnect maximum limits.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Can't be done at the moment sorry.

 

You need Cisco AnyConnect to support that, and currently that is best supported by Cisco ASA's.  I have deployed little Cisco ASA 5506's at Meraki clients for just this one purpose alone.

 

There are wild rumours that Cisco AnyConnect will be coming to MX using IKEv2, but who knows how much of the functionality will be retained.

jfarr2008
Conversationalist

Thanks Philip. Is there a limit to how many vpn clients can be supported? I see several variations of that model online. Is there a specific one suited for vpn that I should look for? Can a blend of "always on" and other modes be supported simultaneously? I've never used AnyConnect but it seems to be somewhat of the standard for corp vpn.

PhilipDAth
Kind of a big deal
Kind of a big deal

Each model of ASA has a hardware limit.  Within that you buy AnyConnect licences for the number of users.

 

You can create multiple VPN profiles.  One profile could use it, and another not.

 

Here is a comparison of the current lower end models:

https://www.cisco.com/c/en/us/products/security/asa-firepower-services/compare-models.html?columnsTo...

Under "Capacity" you'll find the AnyConnect maximum limits.

jfarr2008
Conversationalist

Excellent. Thanks for that info.  I was also glad to see some nice rack mount options for the smaller form factor of the 5506. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels