ASA License Upgrade

Stephen Sisson
Level 1

Hi there

Quick easy question - I hope

We have one or more ASA 5505 with the 10 user license, would like to upgrade to allow anything, VPN access, SSL access, no limit for users internal and external.

Can we buy this upgrade license? If so, who can we buy this from, what are the steps for doing this upgrade, and can we use the same license on all the ASAs we have or is it one license per firewall?

Thank you

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

Although I am usually the person that activates licenses on our ASAs, I am usually not the one ordering these licenses. A company that sells Cisco equipment to us usually handles that we get the correct licenses for our needs.

But in the case of ASA5505 I would think that the Security Plus license is one option. It removes the users and VLAN limitations from the ASA5505 unit for example.

Here is a link to a site that explains the ASA Licensing

http://packetpushers.net/cisco-asa-licensing-explained/

Here is a link to a Cisco document about the ASA5505 and ASA5510 models and some of their licenses

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Here is also a link to a Cisco document section where the ASA5505 model available licenses are mentioned

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp2141762

Notice also that the ASA5505 model by default allows 2 concurrent AnyConnect SSL or Clientless SSL connections and the maximum amount the device can be licensed for is 25 concurrent VPN connections.

So I am not 100% sure if in your case you should get Security Plus license and perhaps AnyConnect Essentials.

To my understanding the Security Plus license would provide you with Unlimited Users and remove the restrictions on the VLAN interface amounts and Trunking.

AnyConnect Essentials would allow you to use the maximum amount of (25) concurrent AnyConnect SSL Client connections. If you wanted Clientless SSL connections then to my understanding you would have to get the AnyConnect Premium licensing.

The difference between the AnyConnect Essentials and AnyConnect Premium is that AnyConnect Essentials immediately allows you to use the maximum amount of concurrent AnyConnect Client VPN connections with the ASA model in question (ASA5505 supports 25 max). This however doesn't enable Clientless SSL VPN connections in the same way. If you need those then to my understanding you need to get AnyConnect Premium licensing which are sold in certain user amounts and DON'T automatically let you use the maximum amount supported by the ASA platform.

All these licenses are to my understanding per device. Though there are some VPN related licensing implementations where to my understanding a single ASA unit can hold the VPN license and allocate it to other units according to need. Though I doubt this is not something you would need.

Usually installing such a license is just inserting an Activation Key in the CLI of the ASA. Before that you might need to go to the Cisco site and enter a code and the serial number of the ASA to receive the activation key through email. At the most the ASA might need a reboot after inserting the activation key but usually not even that.

I don't know where you could buy the license from; as I said, I don't usually handle them. I would imagine that you can find some company that handles selling Cisco equipment and licenses and they could provide you with the exact licenses you might need.

So I would suggest you try to find a company that sells those and use their help to choose the correct licensing for your needs.

Naturally you can also wait for someone else to answer and clarify the situation if I missed something or got something wrong.

Hopefully I have not managed to give any wrong information above

- Jouni


- Jouni, you are the best

Thank you for the complete guide for doing this upgrade, I’m armed and ready to buy, and then upgrade our ASA

Thank you
