I was wondering whether anyone may be able to recommend the best Cisco product for an any connect VPN concentrator.
I’m looking at an environment with around 80 users. I’m not sure whether firepower or ASA would be the best way to go.
This is purely for any connect, no other features required.
Any advice would be very appreciated.
ASA, and get a perpetual (not yearly subscription) vpn client license so you can have more than 4 concurrent connections.
You can either run ASAv or ASA on Firepower appliance. I’d still recommend routing ASA inside interface to your actual firewall dmz.
As other said, ASA.
I know the 5506-x w/ perpetual license will only support 50 concurrent sessions.
The 5515-x supports 250 concurrent sessions.
The 5525-x supports 750 concurrent sessions.
Interestingly enough when I purchased the PAK with the SKU: L-AC-PLS-P-25 I was given a quantity of 99999 which I am able to redeem for licenses to apply to the ASA’s. The “-25” is also misleading since it unlocks the maximum supported in the device.
I am not sure what various FTD hardware models w/ ASA image supports.
You will want to do some research for sure.
As you don;t have the device, I would suggest also looking at Palo Alto, who also have a DTLS VPN.
If you are tied to AnyConnect for other reasons, then I would suggest ASA.
+1
Only if you have other layers of protection already in place to protect your remote users.