https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881491#M31085 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326072">@johnlloyd_13</a>&nbsp;</P> <P>The guide you linked is a valid one, even for 9.8.</P> <P>1. Any AnyConnect 4.x release is compatible. Cisco generally recommends using the latest release (currently 4.7.04056)</P> <P>2. As noted in the linked guide, we make some settings in system context, put the Anyconnect images into shared storage and then used the user context(s) to individually setup Anyconnect. That last bit is pretty much like it's done on a single context ASA.</P> <P>3. You get the 2 "AnyConnect Premium" (roughly equivalent to the current Apex type) licenses per ASA for free. If you need more you need to purchase Anyconnect Plus or Apex (or VPN only) licenses just like with any other ASA. You add those licenses via using the PAK plus serial number(s) to get an activation-key from the software.cisco.com licensing portal.</P> <P>&nbsp;</P> Fri, 28 Jun 2019 13:50:31 GMT Marvin Rhoads 2019-06-28T13:50:31Z https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881317#M31084 <P>hi,</P><P>i'll be configuring anyconnect for remote access VPN in an ASA5500-X 9.8 code. i tried to search but only see this doc which is on asa 9.6:</P><P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html</A></P><P>&nbsp;</P><P>my questions are:</P><P>&nbsp;</P><P>1) what anyconnect 4.x is compatible for asa 9.8 code? i don't see any compatibility matrix.</P><P>&nbsp;</P><P>2) which is the go-to config? private or shared storage? any config example i can follow?</P><P>&nbsp;</P><P>3) is there a specific license/feature needed? I have<EM> AnyConnect Premium Peers</EM> applied (total of 4x from active-standby FWs).</P><P>&nbsp;</P><P>Licensed features for this platform:<BR />Maximum Physical Interfaces : Unlimited perpetual<BR />Maximum VLANs : 500 perpetual<BR />Inside Hosts : Unlimited perpetual<BR />Failover : Active/Active perpetual<BR />Encryption-DES : Enabled perpetual<BR />Encryption-3DES-AES : Enabled perpetual<BR />Security Contexts : 50 perpetual<BR />Carrier : Disabled perpetual<BR /><FONT color="#FF0000">AnyConnect Premium Peers : 2 perpetual</FONT><BR />AnyConnect Essentials : Disabled perpetual<BR />Other VPN Peers : 5000 perpetual<BR />Total VPN Peers : 5000 perpetual<BR />AnyConnect for Mobile : Disabled perpetual<BR />AnyConnect for Cisco VPN Phone : Disabled perpetual<BR />Advanced Endpoint Assessment : Disabled perpetual<BR />Shared License : Disabled perpetual<BR />Total TLS Proxy Sessions : 2 perpetual<BR />Botnet Traffic Filter : Disabled perpetual<BR />IPS Module : Disabled perpetual<BR />Cluster : Enabled perpetual<BR />Cluster Members : 2 perpetual</P><P>This platform has an ASA5555 VPN Premium license.</P><P><BR />Failover cluster licensed features for this platform:<BR />Maximum Physical Interfaces : Unlimited perpetual<BR />Maximum VLANs : 500 perpetual<BR />Inside Hosts : Unlimited perpetual<BR />Failover : Active/Active perpetual<BR />Encryption-DES : Enabled perpetual<BR />Encryption-3DES-AES : Enabled perpetual<BR />Security Contexts : 100 perpetual<BR />Carrier : Disabled perpetual<BR /><FONT color="#FF0000">AnyConnect Premium Peers : 4 perpetual&nbsp;&nbsp;&nbsp; &lt;&lt;&lt; 2x from active + 2x from standby FW</FONT><BR />AnyConnect Essentials : Disabled perpetual<BR />Other VPN Peers : 5000 perpetual<BR />Total VPN Peers : 5000 perpetual<BR />AnyConnect for Mobile : Disabled perpetual<BR />AnyConnect for Cisco VPN Phone : Disabled perpetual<BR />Advanced Endpoint Assessment : Disabled perpetual<BR />Shared License : Disabled perpetual<BR />Total TLS Proxy Sessions : 4 perpetual<BR />Botnet Traffic Filter : Disabled perpetual<BR />IPS Module : Disabled perpetual<BR />Cluster : Enabled perpetual</P> Fri, 28 Jun 2019 08:58:23 GMT https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881317#M31084 johnlloyd_13 2019-06-28T08:58:23Z https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881491#M31085 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326072">@johnlloyd_13</a>&nbsp;</P> <P>The guide you linked is a valid one, even for 9.8.</P> <P>1. Any AnyConnect 4.x release is compatible. Cisco generally recommends using the latest release (currently 4.7.04056)</P> <P>2. As noted in the linked guide, we make some settings in system context, put the Anyconnect images into shared storage and then used the user context(s) to individually setup Anyconnect. That last bit is pretty much like it's done on a single context ASA.</P> <P>3. You get the 2 "AnyConnect Premium" (roughly equivalent to the current Apex type) licenses per ASA for free. If you need more you need to purchase Anyconnect Plus or Apex (or VPN only) licenses just like with any other ASA. You add those licenses via using the PAK plus serial number(s) to get an activation-key from the software.cisco.com licensing portal.</P> <P>&nbsp;</P> Fri, 28 Jun 2019 13:50:31 GMT https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881491#M31085 Marvin Rhoads 2019-06-28T13:50:31Z https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881905#M31086 <P>hi marvin,</P><P>is this the ONLY file i need to transfer in the ASA flash? users are ONLY using windows.</P><P><FONT color="#FF0000"><EM><SPAN class="pointer text-darkgreen">anyconnect-win-4.7.04056-webdeploy-k9.pkg</SPAN></EM></FONT></P><P>&nbsp;</P><P><EM><SPAN class="pointer text-darkgreen">also, below is my template. appreciate if you let me know if there's any error in my config.</SPAN></EM></P><P>&nbsp;</P><P><SPAN class="pointer text-darkgreen">do i need to transfer the anyconnect image file twice? one to disk0 and another to the private 'virtual flash'?</SPAN></P><P>&nbsp;</P><P><EM>changeto system</EM></P><P>&nbsp;</P><P><EM>class VPN</EM><BR /><EM><FONT color="#FF0000">limit-resource VPN AnyConnect 4&nbsp;</FONT>&nbsp;&nbsp; &lt;&lt;&lt; I CURRENTLY HAVE 4 ANYCONNECT DEFAULT/BUILT-IN LICENSE</EM><BR /><EM><FONT color="#FF0000">limit-resource VPN Burst AnyConnect 4</FONT></EM></P><P><BR /><EM>mkdir PRIVATE_VPN</EM></P><P><EM><FONT color="#FF0000">copy ftp://ftpuser:ftpuser@172.x.x.x/anyconnect-win-4.7.04056-webdeploy-k9.pkg flash&nbsp;&nbsp; &lt;&lt;&lt; DO I NEED TO TRANSFER ANYCONNECT IMAGE FILE TWICE?<BR /></FONT></EM></P><P><EM><FONT color="#FF0000">copy flash:/anyconnect-win-4.7.04056-webdeploy-k9.pkg flash:/PRIVATE_VPN/CUST-X</FONT></EM></P><P>&nbsp;</P><P><EM>context CUST-X</EM><BR /><EM><FONT color="#FF0000">member VPN</FONT></EM><BR /><EM>allocate-interface GigabitEthernet0/0</EM><BR /><EM>allocate-interface GigabitEthernet0/1.9 </EM><BR /><EM>config-url disk0:/VPN.cfg</EM><BR /><EM><FONT color="#FF0000">storage-url private disk0:/PRIVATE_VPN CUST-X</FONT></EM></P><P>&nbsp;</P> Sat, 29 Jun 2019 14:07:13 GMT https://community.cisco.com/t5/network-security/anyconnect-ra-vpn-in-asa-multiple-mode/m-p/3881905#M31086 johnlloyd_13 2019-06-29T14:07:13Z