I am in the process of implementing Cisco ASA 5512-X devices with FirePOWER to replace WatchGuard firewalls. The WatchGuard devices in use are currently wrapping access to various services with a dynamic access list feature of WatchGuard called "WatchGuard Authentication". WG Auth works via the user authenticating to an HTTPS login form hosted by the firewall, then opens access to the services it protects (i.e. access to the services it protects will drop connection attempts if the source IP is not WG Authenticated).

Needless to say, this is quite useful for home users with dynamic public addresses that require access to (hopefully encrypted!) services that you do not want to expose to the entire public.

So on to my question... is there an equivalent to this functionality within the Cisco ASA 5512-X? I am fairly new to the ASA platform and from my research, the only thing I can find is the VPN services (AnyConnect). I would prefer an option that does not require the source to install any VPN client software (but will accept that if it's the only alternative).

1 Answer

I have just completed the implementation of Cisco 5515s for our network, and after doing my own research on this topic and working with Cisco, the only real way of doing this is by running the AnyConnect VPN software. There is a version of the AnyConnect software accessible through the web interface (HTTPS) that utilizes Java and does not require an installation, but after testing I have found that it does not perform nearly as well as having AnyConnect installed locally on the machine.