0

We have a Cisco ASA 5505 that has the security+ license. I need to set up VPN so that people can connect to our internal domain when they are out on the road. I was thinking there was a way for them to connect directly to the Cisco. Is this done through the "remote access vpn"? Looking at it, I think easy VPN remote would take care of it, but with these being a potentially huge security risk I wanted to get a second opinion before proceeding.

Thanks!

Lbaker101
  • A little more history on this. We are almost all based out of one location but we have 1x private contractor that needs full access to our network. Every time sales/other members are out of the office they need to be able to connect over as well. OS is Server 2008. – Lbaker101 Aug 25 '11 at 14:24

2 Answers

3

Of course you'll want to consider who you're giving access and what they'll have access to. VPN access does not have to be all or nothing. You can limit what a user has access to once connected to the specific resources they need.

Please take a look at the Cisco ASA 5500 SSL VPN Deployment Guide, Version 8.x. It includes important details like how to apply an ACL to the connecting client, so the user can only access the specific resources you allow them to. Following this deployment guide might not be possible if you aren't licensed for AnyConnect or AnyConnect Essentials. If you're using IPSec remote access VPN, much of the configuration (the group policy portion) will be similar.

JakePaulus
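The per-group ACL restriction described in the answer above, as an added example that is not part of the original answer or of Cisco's deployment guide. It is an ASA 8.x configuration fragment; every name (VPN-POOL, SALES-OPEN, SALES-FILTER, SALES-RESTRICTED, SALES-RA) and every address is a constructed placeholder.

```cisco
! Constructed example: all names and addresses are placeholders.
! Assumed layout: inside LAN 192.168.1.0/24, VPN clients 10.10.50.0/24,
! file server 192.168.1.10, domain controller / DNS 192.168.1.5.

ip local pool VPN-POOL 10.10.50.10-10.10.50.50 mask 255.255.255.0

! --- Weak: group policy with no vpn-filter ---------------------------
! With the default "sysopt connection permit-vpn", decrypted VPN
! traffic bypasses the interface ACLs, so a client in this group can
! reach every inside host the tunnel routes to.
group-policy SALES-OPEN internal
group-policy SALES-OPEN attributes
 vpn-filter none

! --- Restricted: group policy with a vpn-filter ACL ------------------
! In a vpn-filter ACL for remote access clients, the source is the
! client pool and the destination is the local (inside) network.
! Do not reuse this ACL in an interface access-group.
access-list SALES-FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.10 eq 445
access-list SALES-FILTER extended permit udp 10.10.50.0 255.255.255.0 host 192.168.1.5 eq domain
access-list SALES-FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.5 eq domain
! The explicit deny duplicates the implicit one but gives a hit count
! for blocked attempts.
access-list SALES-FILTER extended deny ip any any

group-policy SALES-RESTRICTED internal
group-policy SALES-RESTRICTED attributes
 vpn-filter value SALES-FILTER
 dns-server value 192.168.1.5

! Bind the restricted policy and the address pool to the connection
! profile the road users land on.
tunnel-group SALES-RA type remote-access
tunnel-group SALES-RA general-attributes
 address-pool VPN-POOL
 default-group-policy SALES-RESTRICTED

! Verification: per-entry hit counts show what connected clients were
! allowed to reach and what was dropped.
! show access-list SALES-FILTER
```

The filter is evaluated when the session is established, so a session that is already connected keeps the old rules until it reconnects.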
0

Easy VPN is for an ASA 5505 to act like a VPN client connecting to another ASA in another location, as an alternative to setting up Site to Site VPNs (which is less "Easy"). It isn't something your road warriors will use, unless they carry ASA 5505s around with them!

Your clients could use the Cisco VPN client, or even the Windows VPN client using L2TP over IPSEC. There is also an option to use SSL VPN (AnyConnect) but that may require additional licensing.

Of course, it is worth checking out Cisco's documentation on the ASA. I also found the Cisco Press book Cisco ASA All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (ISBN 978-1-58705-819-6) very useful for figuring out the options and implementing things.

dunxd
  • Yeah, it doesn't need to be SSL but we will need to be able to connect Windows VPN to our internal network. This is done through easy connect using Windows client L2TP over IPsec. Correct? – Lbaker101 Aug 26 '11 at 14:56