Alex Feigenson's Blog Systems Administrator That Communicates Effectively

5 Nov 09

Cisco AnyConnect, LDAP, and you.

I recently discovered that Cisco had released a much cheaper version of their AnyConnect client alongside their ASA 8.2 release. AnyConnect Essentials runs $150 (list price, so for Cisco, chop off an average of 35%) and allows for up to 250 concurrent connections on my ASA 5510. Previously you had to settle for either their IPSec client or their Premium AnyConnect license. From my own impressions, Cisco had given up on their IPSec client... no 64-bit client? Hello? Their more expensive AnyConnect license included features that I didn't need and was something obscene like $150/user.

Enter AnyConnect Essentials. You can install it by going to your ASA's IP address and logging in. It downloads the client, which is about 1.5MB compressed, and connects you. Bam! Instant SSL encrypted VPN tunnel. In testing it appears to work really well. I've tried the client on XP, Vista, 7, and Linux and I like it. I'll be deploying this to my company very soon.

Like most things Cisco, just because you can do it doesn't mean it's easy to do (or easy to find relevant information for). In my case, I wanted to implement the AnyConnect software with LDAP and allow different groups access to different resources depending on Active Directory group memberships.

After an hour or so of using Google, I found a few documents that really helped me (and hopefully you!):

Configuring AnyConnect VPN Client Connections

ASA 8.0: Configure LDAP Authentication for WebVPN Users

PIX/ASA 8.0: Use LDAP Authentication to Assign a Group Policy at Login

I hope that helps - if you need any help, leave a comment and I'll see what I can do.
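The setup described above (LDAP authentication against Active Directory, with the group policy chosen by AD group membership) looks roughly like this on an ASA 8.2-era device. This is an added example, not the author's configuration or text from the linked Cisco documents; every object name, DN, address, network and ACL is a constructed placeholder, and it assumes AnyConnect itself is already enabled on the outside interface.

```cisco
! Constructed example: all names, DNs, addresses and networks are placeholders.
! Map the AD memberOf attribute to the attribute that carries the group-policy name.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Engineering,OU=Groups,DC=example,DC=com" GP-ENGINEERING
 map-value memberOf "CN=VPN-Finance,OU=Groups,DC=example,DC=com" GP-FINANCE
!
! LDAP server definition. Bind with a low-privilege service account and use LDAPS
! so the bind password and user credentials are not sent in clear text.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD>
 ldap-attribute-map AD-GROUP-MAP
!
! Per-group ACLs applied as VPN filters (source = VPN client, destination = inside).
access-list ACL-ENGINEERING extended permit ip any 10.10.20.0 255.255.255.0
access-list ACL-FINANCE extended permit ip any 10.10.30.0 255.255.255.0
!
! Default policy: a user who authenticates but matches no mapped group
! lands here and is refused (zero simultaneous logins).
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
group-policy GP-ENGINEERING internal
group-policy GP-ENGINEERING attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol svc
 vpn-filter value ACL-ENGINEERING
!
group-policy GP-FINANCE internal
group-policy GP-FINANCE attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol svc
 vpn-filter value ACL-FINANCE
!
tunnel-group ANYCONNECT type remote-access
tunnel-group ANYCONNECT general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

The `map-value` strings must match the group's full distinguished name as AD returns it in `memberOf`; a mismatch silently drops the user into the `NOACCESS` default, which is the fail-closed behaviour you want.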
