Cisco supports several types of VPN implementations on the ASA but they are generally categorized as either “IPSec Based VPNs” or “SSL Based VPNs“.
The first category uses the IPSec protocol for secure communications while the second category uses SSL.
SSL Based VPNs are also called WebVPN in Cisco terminology. The two general VPN categories supported by Cisco ASA are further divided into the following VPN technologies.
IPSec Based VPNs:
- Lan-to-Lan IPSec VPN: Used to connect remote LAN networks over unsecure media (e.g Internet). It runs between ASA-to-ASA or ASA-to-Cisco Router.
- Remote Access with IPSec VPN Client: A VPN client software is installed on user’s PC to provide remote access to the central network. Uses the IPSec protocol and provides full network connectivity to the remote user. The users use their applications at the central site as they normally would without a VPN in place.
SSL Based VPNs (WebVPN):
- Clientless Mode WebVPN: This is the first implementation of SSL WebVPN supported from ASA version 7.0 and later. It lets users establish a secure remote access VPN tunnel using just a Web browser. There is no need for a software or hardware VPN client. However, only limited applications can be accessed remotely.
- AnyConnect SSL VPN: A special Java based client is installed on the user’s computer providing an SSL secure tunnel to the central site. Provides full network connectivity (similar with IPSec remote access client). All applications at the central site can be accessed remotely.
From the description above you can understand that the AnyConnect WebVPN technology combines the best from both IPSec based VPNs and SSL based VPNs.
It offers full network connectivity to the remote user without having to install a dedicated VPN software like the IPSec remote access client.
The AnyConnect VPN client is a lightweight Java client (around 3MB) which can be installed or uninstalled from the remote user’s PC dynamically.