Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2120
Views
0
Helpful
7
Replies

ASA5506 with FTD - Remote Access IPsec?

train_wreck
Level 1
Level 1

‎01-11-2019 12:53 AM - edited ‎02-21-2020 08:39 AM

I am considering re-flashing my ASA5506 from ASA to FTD. I am reading that there is a license required for Remote Access VPN operation, but all documents mention SSL (or "Anyconnect"). Right now using the "traditional" ASA OS, my ASA has no problem running an IKE-based IPsec Remote Access VPN.

 

Does an ASA with FTD support Remote Access VPN via IPsec? If I upgrade to FTD, will I have to purchase a new license just to use this feature I'm already using? The documentation doesn't mention it, but I would find it exceptionally hard to believe it's not available.....

FirePOWER

0 Helpful
7 Replies 7

Abheesh Kumar
VIP Alumni
VIP Alumni

‎01-11-2019 12:58 AM

Hi,
What is the current license in ASA.
FTD supports remote access VPN not the traditional client VPN.

HTH
Abheesh
0 Helpful

train_wreck
Level 1
Level 1
In response to Abheesh Kumar

‎01-11-2019 01:00 AM

The Running Activation Key feature: 2 security contexts exceed the limit on the platform, reduced to 0 security contexts.

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

The flash permanent activation key is the SAME as the running permanent key.

 

What do you mean when you say "FTD supports remote access VPN not the traditional client VPN."..... this is unclear.

 

0 Helpful

Abheesh Kumar
VIP Alumni
VIP Alumni
In response to train_wreck

‎01-11-2019 01:45 AM

Hi,

Your current license cannot be used in FTD. By default you can use 2 anyconnect license 

As FTD required Smart license you need to register FTD with cisco smart license portal.

 

HTH

Abheesh

0 Helpful

train_wreck
Level 1
Level 1
In response to Abheesh Kumar

‎01-11-2019 01:46 AM

*sigh* I'm not trying to use AnyConnect, I'm trying to use IPsec.....

0 Helpful

Abheesh Kumar
VIP Alumni
VIP Alumni
In response to train_wreck

‎01-11-2019 01:51 AM

IPsec is the protocol you are using. For connecting you should use anyconnect or site to site VPN.
Are you using site to site VPN
0 Helpful

train_wreck
Level 1
Level 1
In response to Abheesh Kumar

‎01-11-2019 01:55 AM - edited ‎01-11-2019 01:55 AM

No, I am using the built-in IPsec client that comes with many devices/OSes (Android, iOS, OSX, Linux, etc) to connect Remote-Access style to my ASA. I would specifically like to avoid using AnyConnect.

 

If I'm understanding you correctly, you are saying that FTD will not support me using those built-in clients to connect to a Remote Access VPN - AnyConnect is the only option?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card