06-28-2020 05:54 AM - edited 06-28-2020 05:55 AM
Hi,
Regarding ISE Licenses, I would like to know what the Anyconnect Apex License is for. Is it the same as Apex License? We have an existing anyconnect apex license on paper but I cannot seem to locate it in ISE Web GUI under Administration>License, also on CLI. We are about to renew our ISE licenses and I need to verify if we are consuming the anyconnect apex license we have. If anyone knows where I can find it and how many is being consumed it would be greatly appreciated.
Justin
Solved! Go to Solution.
06-28-2020 07:14 AM
you can view the license usage as mentioned below document from GUI :
below table explain Apex License :
Base L-ISE-BSE-PLIC=** |
Plus L-ISE-PLS-LIC=** |
Apex L-ISE-APX-LIC=** |
Device Admin L-ISE-TACACS-ND=** |
VM Licenses* |
---|---|---|---|---|
|
|
+AnyConnect Apex License
|
|
|
Perpetual (Permanent) License | Subscription (1, 3, or 5 years) | Subscription (1, 3, or 5 years) |
Perpetual (Permanent) License NOT Based upon Network Device count |
Perpetual (Permanent) License |
06-28-2020 07:33 AM
Funny this popped up as a customer of mine and TAC just went through/over this. The AnyConnect Apex Licenses are essentially a "right-to-use" thing when referring to ISE solutions. ISE does not show them and you will not be able to track consumption via ISE. The ISE Apex licenses are session based and enable certain functionalities shown in the table from @balaji.bandi . To answer your question I would determine if any of those solutions/functionalities are in use. Here is an example: If you do posture assessment for wired, wireless, or VPN you will need an ISE base, ISE apex, and an AnyConnect Apex license for each session. So if you perform posture on 500 users then you would need 500 AnyConnect Apex Licenses. HTH!
06-28-2020 07:14 AM
you can view the license usage as mentioned below document from GUI :
below table explain Apex License :
Base L-ISE-BSE-PLIC=** |
Plus L-ISE-PLS-LIC=** |
Apex L-ISE-APX-LIC=** |
Device Admin L-ISE-TACACS-ND=** |
VM Licenses* |
---|---|---|---|---|
|
|
+AnyConnect Apex License
|
|
|
Perpetual (Permanent) License | Subscription (1, 3, or 5 years) | Subscription (1, 3, or 5 years) |
Perpetual (Permanent) License NOT Based upon Network Device count |
Perpetual (Permanent) License |
06-28-2020 07:28 AM
I appreciate this response and I have gone through below. So Anyconnect Apex license basically is just an Apex license u need when using Anyconnect as a posture agent right? Does this mean that Anyconnect Apex license is included in the Apex license usage shown on the image i attached?
06-28-2020 07:33 AM
Funny this popped up as a customer of mine and TAC just went through/over this. The AnyConnect Apex Licenses are essentially a "right-to-use" thing when referring to ISE solutions. ISE does not show them and you will not be able to track consumption via ISE. The ISE Apex licenses are session based and enable certain functionalities shown in the table from @balaji.bandi . To answer your question I would determine if any of those solutions/functionalities are in use. Here is an example: If you do posture assessment for wired, wireless, or VPN you will need an ISE base, ISE apex, and an AnyConnect Apex license for each session. So if you perform posture on 500 users then you would need 500 AnyConnect Apex Licenses. HTH!
06-28-2020 08:06 AM
Thank you for your response. This is greatly appreciated. So basically it just provides additional functionalities on top of the Apex license which is mainly used when doing posture check through anyconnect on the endpoints.
06-08-2021 04:48 AM
I have been using ISE APEX and Plus license for some time. Never applied Anyconnect Apex license anywhere. Still all working fine.
Should I buy Anyconnect Apex license anymore, if it cannot be applied anywhere
06-08-2021 04:06 PM
The AnyConnect Apex license is a right-to-use entitlement license. If you are using those features, you should have an Apex license for each user to be compliant with the entitlement policy.
See the AnyConnect Ordering Guide and FAQ for more information.
06-09-2021 06:17 AM
Thank you @Greg Gibbs should the license applied in ASA or in ISE ?
As of now posturing is working fine without applying license anywhere. Will I get any extra security feature/protection by applying this license?
06-10-2021 02:14 PM
The AnyConnect Apex is applied on the ASA or on Firepower if you use RAVPN.
It is not applied on WLC or ISE or switches if you use AnyConnect on LAN or WLAN.
11-28-2021 01:54 AM
I think as @Peter Koltl said Anyconnect Apex is consumed in case you need to do posture on endpoints connecting to VPN through ASA. please correct me if I am wrong.
@Justin Acerawhat did you do ? I am in your place right now . I don't have ASA and I am not doing posture on endpoints connecting to VPN. so I won't renew the Apex Anyconnect license .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide