I am looking at the "Peak in Use" and "All in Use" numbers of our AnyConnect Mobile users on our ASA and it doesn't appear to be correct. This is what I see:
show vpn-sessiondb license-summary sum -su
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
Status : Capacity : Installed : Limit
-----------------------------------------
AnyConnect Premium : ENABLED : 10000 : 10000 : NONE
AnyConnect Essentials : DISABLED : 10000 : 0 : NONE
Other VPN (Available by Default) : ENABLED : 10000 : 10000 : NONE
Shared License Server : DISABLED
Shared License Participant : DISABLED
AnyConnect for Mobile : ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment : ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : ENABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED
---------------------------------------------------------------------------
---------------------------------------------------------------------------
VPN Licenses Usage Summary
---------------------------------------------------------------------------
All : Peak : Eff. :
In Use : In Use : Limit : Usage
---------------------------------
AnyConnect Premium : : 271 : 353 : 10000 : 3%
Anyconnect Client : : 271 : 353 : 10000 : 3%
AnyConnect Mobile : : 6375 : 6375 : 10000 : 64%
Clientless VPN : : 0 : 9 : 10000 : 0%
Other VPN : : 12 : 14 : 10000 : 0%
L2TP Clients
Site-to-Site VPN : : 12 : 14 : 10000 : 0%
---------------------------------------------------------------------------
However, when I issue "show vpn-sessiondb detail anyconnect" I only find about 15 connections that are mobile, for instance:
sername : mdoddo-****** Index : 207992
Assigned IP : 10.125.25.227 Public IP : *.*.*.*
Protocol : AnyConnect-Parent SSL-Tunnel
License : AnyConnect Premium, AnyConnect for Mobile
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES128
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1
Bytes Tx : 34384563 Bytes Rx : 1409422
Pkts Tx : 37756 Pkts Rx : 14158
Pkts Tx Drop : 295 Pkts Rx Drop : 0
Group Policy : LEA-TwoFactor-GP Tunnel Group : LEA-TwoFactor-CP
Login Time : 08:47:29 CDR Thu Aug 12 2021
Duration : 19d 2h:35m:52s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ac1015fa32c7800061152671
Security Grp : none
AnyConnect-Parent Tunnels: 1
SSL-Tunnel Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 207992.1
Public IP : *.*.*.*
Encryption : none Hashing : none
TCP Src Port : 48426 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 27 Minutes
Client OS : apple-ios
Client OS Ver: 14.7.1
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Apple iPad 4.10.01099
Bytes Tx : 14290794 Bytes Rx : 0
Pkts Tx : 11733 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
SSL-Tunnel:
Tunnel ID : 207992.3912
Assigned IP : 10.125.25.227 Public IP : *.*.*.*
Encryption : AES128 Hashing : SHA1
Ciphersuite : AES128-SHA
Encapsulation: TLSv1.2 TCP Src Port : 44130
TCP Dst Port : 443 Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 27 Minutes
Client OS : Apple iOS
Client Type : SSL VPN Client
Client Ver : Cisco AnyConnect VPN Agent for Apple iPad 4.10.01099
Bytes Tx : 3654 Bytes Rx : 0
Pkts Tx : 3 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Filter Name : DAP-ip-user-605D9B0C
Is there a bug in the license count? Or is there another show command that would show me the actual usage?