cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pursuing Always On VPN

SOLVED
Conversationalist

Pursuing Always On VPN

So I'm trying to find a solution for "always on VPN" without going with the Microsoft Always On solution or DirectAccess.  We currently use the Meraki Client VPN mostly with our Windows 10 Enterprise laptops. I'd really love when the laptops are off our corporate network to be forced to connect to the VPN. If any of you are currently running this setup with other products alongside your Meraki equipment I'd love to hear about it.  Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Pursuing Always On VPN

Each model of ASA has a hardware limit.  Within that you buy AnyConnect licences for the number of users.

 

You can create multiple VPN profiles.  One profile could use it, and another not.

 

Here is a comparison of the current lower end models:

https://www.cisco.com/c/en/us/products/security/asa-firepower-services/compare-models.html?columnsTo...

Under "Capacity" you'll find the AnyConnect maximum limits.

4 REPLIES 4
Kind of a big deal

Re: Pursuing Always On VPN

Can't be done at the moment sorry.

 

You need Cisco AnyConnect to support that, and currently that is best supported by Cisco ASA's.  I have deployed little Cisco ASA 5506's at Meraki clients for just this one purpose alone.

 

There are wild rumours that Cisco AnyConnect will be coming to MX using IKEv2, but who knows how much of the functionality will be retained.

Conversationalist

Re: Pursuing Always On VPN

Thanks Philip. Is there a limit to how many vpn clients can be supported? I see several variations of that model online. Is there a specific one suited for vpn that I should look for? Can a blend of "always on" and other modes be supported simultaneously? I've never used AnyConnect but it seems to be somewhat of the standard for corp vpn.

Highlighted
Kind of a big deal

Re: Pursuing Always On VPN

Each model of ASA has a hardware limit.  Within that you buy AnyConnect licences for the number of users.

 

You can create multiple VPN profiles.  One profile could use it, and another not.

 

Here is a comparison of the current lower end models:

https://www.cisco.com/c/en/us/products/security/asa-firepower-services/compare-models.html?columnsTo...

Under "Capacity" you'll find the AnyConnect maximum limits.

Conversationalist

Re: Pursuing Always On VPN

Excellent. Thanks for that info.  I was also glad to see some nice rack mount options for the smaller form factor of the 5506. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.