04-23-2012 04:42 AM - edited 03-11-2019 03:56 PM
Good day everyone,
I know it has been discussed before but still after reading cisco.com and Netpro resources
I came up confused about this, so would much appreciate clarification,if possible with references .
Issue is simple - ASA5505 , client wants to have 25 AnyConnect users to be able to connect simultaneously (no need specifically in clientless, network mode Anyconnect will do).
My question is - will L-ASA-AC-E-5505= license provide for this ?
if not, then which one instead of this or in addition (Security Plus, L-ASA-SSL-25=, something else) ?
My problem understanding the documentation is that many sources say that cumulative number of
connected VPN clients cannot pass [and here definitions vary] - " maximum concurrent IPsec session count shown in the chart [here ASA5505 is 25]. " or " number of licensed sessions on the device" [how do I see this in ASA ?] ...
To simplify my question I see following possible combinations, which one will provide for 25 AnyConnect client users ?
Base License + L-ASA-AC-E-5505=
Base License + L-ASA-SSL-25=
Plus license + L-ASA-AC-E-5505=
Thanks
Yuri
PS Some references I consulted so far :
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39.html
https://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/intro_license.html#wp1971019
https://supportforums.cisco.com/message/3569899#3569899
Sh ver of ASA:
System image file is "disk0:/asa832-k8.bin"
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
SSL VPN Peers : 2 perpetual
Total VPN Peers : 10 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
AnyConnect Essentials : Enabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Solved! Go to Solution.
04-23-2012 07:35 AM
The ASA 5505 Base License by itself allows 10 simultaneous IPsec peers.
Adding either AnyConnect Essentials (L-ASA-AC-E-5505=) or the Security Plus license (ASA5505-SEC-PL=) increases that limit to 25. The advantage of Essentials is that it adds support for AnyConnect clients (IPsec-IKEv2 or client-based SSL VPN remote access) as opposed to the older IPSec-IKEv1 Cisco VPN client you would otherwise be limited to.
Your output above indicates you have AnyConnect Essentials license activated so you should be good to go.
Note you are limited to 10 inside hosts due to your user level license (limitation unique to 5505). To increase that you would need either ASA5505-SW-10-50= or ASA5505-SW-50-UL= to increase it to 50 or unlimited users, respectively.
04-23-2012 07:35 AM
The ASA 5505 Base License by itself allows 10 simultaneous IPsec peers.
Adding either AnyConnect Essentials (L-ASA-AC-E-5505=) or the Security Plus license (ASA5505-SEC-PL=) increases that limit to 25. The advantage of Essentials is that it adds support for AnyConnect clients (IPsec-IKEv2 or client-based SSL VPN remote access) as opposed to the older IPSec-IKEv1 Cisco VPN client you would otherwise be limited to.
Your output above indicates you have AnyConnect Essentials license activated so you should be good to go.
Note you are limited to 10 inside hosts due to your user level license (limitation unique to 5505). To increase that you would need either ASA5505-SW-10-50= or ASA5505-SW-50-UL= to increase it to 50 or unlimited users, respectively.
04-23-2012 11:06 PM
Thanks a lot
Yuri
09-03-2013 12:26 PM
Sorry to hijack a thread, but I too need just a little clarification.
Current licensing shows
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 50
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
I have about 15 users that want VPN capability (not sure how many would be connected concurrently, but assume it would be more than 2) If I am reading you correctly, I can add the Anyconnect essentials L-ASA-AC-E-5505= and that would allow up to 25 VPN users, but they would need to use the anyconnect client and not the web based ssl (not a problem) or I could add the L-ASA5505-SEC-PL= to allow the same number of VPN connections???? but the L-ASA5505-SEC-PL= costs almost 10 times what the L-ASA-AC-E-5505= does. (at least using CDW pricing)
To add to my confusion the Cisco chat tech told me to purchase L-ASA-SSL-10= to allow 10 VPN users (at an even higher cost) - - - and I am hoping to allow a few of my users to connect using an android tablet - Does that require a mobility license for each android tablet? or just a mobility license for the 5505 to allow "non computer" connections?
Thanks for any clarification
Dennis
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide