cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
451
Views
0
Helpful
0
Replies

ASA/AnyConnect: Clarification of AnyConnect lincenses

swscco001
Level 1
Level 1

Hello everybody,

a customer reported that AnyConnect users will be disconnected sporadically

and will be prompted to login again but this time without success.

When they retriy this he get a new VPN session.

But the  ASA consider the session still active and that needs to be logged out by the admin manually.

This is an disadvantage when the user usually get the same IP address assigned because the correct IP address for the user is blocked by the "dead" session and then he gets another one and don't reach all targets anymore.

 

I asked myself why a AnyConnect user was disconnected at all and saw in the ASDM that 122 AnyConnect users are connected simultanously.

When I check the 'show version' output I get this:

 

Result of the command: "sh ver"

Cisco Adaptive Security Appliance Software Version 9.12(4)35 <context>
SSP Operating System Version 2.6(1.239)
Device Manager Version 7.15(1)150

Compiled on Wed 06-Oct-21 22:41 GMT by builders

asa1-1 up 56 days 23 hours
failover cluster up 4 years 130 days

Hardware:   ASA5516
The Running Activation Key feature: 500 AnyConnect Premium sessions exceed the limit on the platform, reduced to 300 AnyConnect Premium sessions.

Licensed features for this user context:
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 100            perpetual
Other VPN Peers                   : 100            perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual
VPN Load Balancing                : Enabled        perpetual


Failover cluster licensed features for this user context:
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 100            perpetual
Other VPN Peers                   : 100            perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Enabled        perpetual
VPN Load Balancing                : Enabled        perpetual

Image type                : Release
Key Version               : A


500, 300, 100:  This output is confusing

How many AnyConnect users can build a VPN tunnel simultanously to the ASA context at this output?

Thanks a lot!



Bye
R.

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: