Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1318
Views
0
Helpful
3
Replies

Cisco ISE endpoint posturing with anyconnect apex license

Go to solution
pmlam3274
Level 1
Level 1

‎01-26-2017 11:13 AM - edited ‎03-11-2019 12:24 AM

not long ago, I was told in order to use the anyconnect posture module, I will need to purchase the anyconnect apex license, which is fine. However what is odd to me is that the part number (L-AC-APX-3RY-G) is the same part number for the Cisco ASA SSL VPN license. So my question, will I able to use this anyconnect apex license that I purchase for Cisco ISE, on the Cisco ASA as well?  I am a little confused since I was also told the Anyconnect APEX license for Cisco ISE is honor based only.  Hopefully someone here can answer my question. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎01-26-2017 11:49 AM

Short answer is yes as it is the same license. The Anyconnect Apex (similar to the old Anyconnect Premium) adds the following functionality to the Anyconnect plus (old Anyconnect essentials) license:

Clientless (browser-based) VPN termination on the Cisco Adaptive Security Appliance
VPN compliance and posture agent in conjunction with the Cisco Adaptive Security Appliance
Unified compliance and posture agent in conjunction with the Cisco Identity Services Engine 1.3 or later
Next-generation encryption (Suite B) with AnyConnect and third-party (non-AnyConnect) IKEv2 VPN clients
Network Visibility Module (new in 4.2)

So both the Posture and the VPN is covered under the same license. You would just have to purchase the right count for the number of concurrent VPN users in your environment.

More information about the licenses are here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html#anc16

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎01-26-2017 11:49 AM

Short answer is yes as it is the same license. The Anyconnect Apex (similar to the old Anyconnect Premium) adds the following functionality to the Anyconnect plus (old Anyconnect essentials) license:

Clientless (browser-based) VPN termination on the Cisco Adaptive Security Appliance
VPN compliance and posture agent in conjunction with the Cisco Adaptive Security Appliance
Unified compliance and posture agent in conjunction with the Cisco Identity Services Engine 1.3 or later
Next-generation encryption (Suite B) with AnyConnect and third-party (non-AnyConnect) IKEv2 VPN clients
Network Visibility Module (new in 4.2)

So both the Posture and the VPN is covered under the same license. You would just have to purchase the right count for the number of concurrent VPN users in your environment.

More information about the licenses are here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html#anc16

0 Helpful

Go to solution
pmlam3274
Level 1
Level 1
In response to Rahul Govindan

‎03-08-2017 05:48 PM

Thank you for the info.  Since the apex license can be use both on Cisco ISE and Cisco ASA, does it mean I can register the same license to both systems?

0 Helpful

Go to solution
pmlam3274
Level 1
Level 1

‎04-17-2017 12:35 PM

Rahul,

If I purchase the L-AC-APX-3Y-S5 for 1000 users, do you know if I can split it 500 each and apply it to 2 different ASA?

0 Helpful
Customers Also Viewed These Support Documents