Remote Access - IKEv2 or SSL?

For a remote access VPN on the ASA5505, is it better to use SSL or IKEv2? With the AnyConnect Secure Mobility Client version 3.0 or later, it looks like we could use IKEv2 for the remote access VPN. However, I read online that IKEv2 requires ports UDP 500 and UDP 4500 to be open. If the client is at a hotel, I don’t know how we could guarantee that those ports are open on the hotel’s firewall. Any suggestions?

Hi Lance,

It depends on the applications that you intend to use. If you have webbased applications then SSL is fine. If you need complete remote access, it might be better to use IKEv2/IPsec.

Most public networks (including hotels) will permit “common” traffic, including IPsec.