
SSL Remote Access VPNs (Network Security)

Scribed by Qiang Huang, Jazib Frahim


Publisher: Cisco Press
Year: 2008
Tongue: English
Leaves: 369
Series: Network Security
Edition: 1
Category: Library


Synopsis


SSL Remote Access VPNs
Jazib Frahim, CCIE No. 5459
Qiang Huang, CCIE No. 4937

Right in the middle of a pretty big SSL VPN roll out here at my place of employment, Cisco Press released SSL Remote Access VPNs. They couldn't have had better timing, as there was a good deal I was still confused about.

First, let me get this clear from the start: I hate ASDM. It has its uses, like monitoring. The traffic and VPN monitoring interfaces are wonderful. However, as far as configuration goes, the command-line is preferable. That being said, 95% of this book, including configuration, revolves around ASDM.

The first chapter explains remote access VPNs, which should be pretty familiar to anyone with IPSec VPN experience. Nothing new here, but certainly a good refresher and a good way to build context for the rest of the book.

The next couple chapters focus on SSL VPN technology, as well as SSL VPN design considerations. Definitely a nice review, considering SSL is certainly not a new technology, but building high encryption VPNs using SSL certainly is.

Chapter 4 is just an overview of ASA appliances and IOS routers and their SSL VPN capabilities. It's only a few pages, so it's not exactly deep reading, but useful nonetheless.

Next is a chapter on SSL VPN on the ASA. Probably the best part of the book, it mostly focuses on clientless SSL VPN. It has a (too short) section on configuring the AnyConnect client. This is the part that I personally found the most useful, which is why I was disappointed that it was so short. Also included are Dynamic Access Policies (DAP), and a couple of deployment scenarios.

The next chapter is on SSL VPN on IOS routers. I have to admit, I only skimmed this chapter, as it just wasn't relevant to my deployment. But from what I could tell, it was just as thorough as the previous chapter, and possibly more so. It also included most of the SDM configuration in CLI form as well, and I have to wonder why the ASA chapter didn't have more CLI in it as well.

Finally, there is a short chapter on SSL VPN management. This chapter basically just shows you some of the monitoring interface in ASDM. Sadly, nothing in the way of CLI, but that's a pretty recurring theme in this book.

In conclusion, I would have to say this book is certainly worth picking up if you're planning on doing an SSL VPN roll out any time soon. The only real issue I had with the book was what I've already mentioned a few times, and that is the lack of CLI. I realize Cisco is really pushing SDM and ASDM, but they need to understand that network engineers are -not- point and click kind of people. Leave that to the MCSEs! ;)

  • Chris

SIMILAR VOLUMES


SSL Remote Access VPNs (Network Security
Qiang Huang, Jazib Frahim | Library | 2008 | Cisco Press | English

SSL Remote Access VPNs. An introduction to designing and configuring SSL virtual private networks. Jazib Frahim, CCIE® No. 5459; Qiang Huang, CCIE No. 4937. Cisco® SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources

SSL Remote Access VPNs
Qiang Huang, Jazib Frahim | Library | 2008 | Cisco Press | English

SSL Remote Access VPNs. An introduction to designing and configuring SSL virtual private networks. Jazib Frahim, CCIE® No. 5459

SSL Remote Access VPNs
Safari, an O'Reilly Media Company; Frahim, Jazib; Huang, Qiang | Library | 2008 | Cisco Press | English

"SSL Remote Access VPNs" An introduction to designing and configuring SSL virtual private networks. Jazib Frahim, CCIE(R) No. 5459; Qiang Huang, CCIE No. 4937. Cisco(R) SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources to virtu

Juniper Networks Secure Access SSL VPN C
Kevin Fletcher, Mark Lucas, Brian Burton, Trent Fausett, Patrick Foxhoven, Kevin | Library | 2007 | Syngress | English

If you are looking for a book that will help you configure the Juniper SA appliance very quickly, this is the book. It is very easy to follow, with great examples.