cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


745
Views
15
Helpful
6
Replies
Participant

Installing AnyConnect Apex Term on ASA 5525X HA pair

Hello,

 

We just obtained L-S-AC-APX-LIC= SVP Cisco AnyConnect Apex Term Lic PAK for our ASA 5525X HA pair.

 

I went through the registration process and obtained licenses for each of our two ASA's in the HA pair.

 

My questions are:

 

1. Do I need to install this new license on each ASA in the pair or just the license for the primary on the primary?

2. Is the installation of this license service impacting??

3. On the PAK under Entitlement Quantity it says 3000, but in the registration email I received it shows that AnyConnect Premium peers is only at 750 (see below).  Why the discrepancy?

 

Failover                                 : Enabled

Encryption-DES                           : Enabled

Encryption-3DES-AES                      : Enabled  

Security Contexts                        : Default  

GTP/GPRS                                 : Disabled 

AnyConnect Premium Peers                 : 750      

Other VPN Peers                          : Default  

Advanced Endpoint Assessment             : Enabled  

AnyConnect for Mobile                    : Enabled  

AnyConnect for Cisco VPN Phone           : Enabled  

Shared AnyConnect Premium License server : Disabled 

Shared License                           : Disabled 

UC Phone Proxy Sessions                  : Default  

Total UC Proxy Sessions                  : Default  

AnyConnect Essentials                    : Disabled 

Botnet Traffic Filter                    : Disabled 

Intercompany Media Engine                : Disabled 

IPS Module                               : Disabled 

Cluster License                          : Disabled 

vCPUs                                    : 0        

 

Thanks in advance.

 

John

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

1) Just on the active unit of the HA pair (ideally your primary). Should get synchronized with Standby

2) No impact AFAIK.

3) 5525-X only can do a maximum of 750 Anyconnect sessions. So the peer count will be limited to that. 

View solution in original post

6 REPLIES 6
VIP Advocate

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

1) Just on the active unit of the HA pair (ideally your primary). Should get synchronized with Standby

2) No impact AFAIK.

3) 5525-X only can do a maximum of 750 Anyconnect sessions. So the peer count will be limited to that. 

View solution in original post

Participant

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

Thank you Rahul.

 

I just installed the license on the active-primary and the new features are reflected in the output of "show ver" for both the platform and the cluster.  When I ran "failover exec standby show ver" from the primary, the features did NOT show up on the platform but does for the cluster.  Is this normal and expected?

 

Thanks.

 

John

VIP Advocate

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

This is expected. You have not installed a license on the secondary unit, so it only inherits those features when part of the cluster/HA. Make sure you have the AnyConnect image files manually uploaded to both the primary and secondary units. This is not replicated automatically through failover. 

Participant

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

Thanks again Rahul.

So is there any harm in installing the secondary's license on the secondary?  What happens if the primary totally dies and goes offline such that there no longer is an HA pair?


John

VIP Advocate

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

No harm in adding it to the Secondary. It does not come into play until the Primary is down for more than 30 days. If the Primary goes down, the secondary uses the cluster license for 30 days. After 30 days it reverts back to its locally installed license.

 

Participant

Re: Installing AnyConnect Apex Term on ASA 5525X HA pair

Perfect!! Thanks so much for the quick responses Rahul! Have a great day.