11-14-2018 08:56 AM - edited 03-12-2019 07:05 AM
We just purchased a couple of 2140 NGFWs with Threat and Malware license subscriptions. I noticed there is an RA VPN license activation that is showing by default as disabled by user.
Without buying additional licensing, with the base license and Threat and Malware subscriptions, will we be able to set up L2TP Client VPN configurations as well as site-to-site IPSec VPNs on the 2140s?
Jim
11-14-2018 11:07 AM
Hi Jim-
The RA-VPN licenses require AnyConnect (Plus or Apex) subscription. However, those are only for RA-VPN. If you want to configure Site-to-Site VPN (IPSec) you don't need to purchase any additional licenses.
I hope this helps!
Thank you for rating helpful posts!
11-14-2018 11:15 AM
Are L2TP VPN Clients still supported in Firepower like on the older ASAs?
Jim
11-14-2018 06:01 PM
Remote access L2TP VPN clients are not supported on FTD.
We can pass their traffic through (via prefilter) but not terminate it.
11-25-2019 05:56 AM
11-25-2019 07:12 AM
@NeWGuy1109 no it doesn't.
It will support the maximum number per the hardware constraints with the base license installed.
11-25-2019 09:33 AM
11-25-2019 09:48 AM
You can check the official data sheet for this:
Thank you for rating helpful posts!
11-15-2018 10:23 AM
Is there any VPN Client software supported to connect without a special license requirement or would we have to buy licensing for RA VPN? We are looking at less than a dozen VPN Client users.
Jim
11-15-2018 01:04 PM
Hi,
FTD supports AnyConnect Client VPN & IPSec Site-to-Site VPN.
The old client VPN is not supported in FTD. For remote access VPN you need to buy an AnyConnect Plus (L-AC-PLS-LIC=) or Apex (L-AC-APX-LIC=) license. Minimum license count is 25.
HTH
Abheesh
11-15-2018 01:22 PM
What is the difference between the Plus and Apex VPN Client/licensing?
11-15-2018 01:32 PM
Hi,
AnyConnect PLUS
* VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
* Basic endpoint context collection (Note: NOT full ISE context support).
* IEEE 802.1X Windows supplicant.
* Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
* Cisco Web Security Appliance support.
* FIPS compliance.
AnyConnect APEX
* Everything that’s included in AnyConnect Plus.
* Clientless (browser-based) VPN termination on the Cisco ASA.
* VPN Compliance/Posture agent in conjunction with the Cisco ASA.
* Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
* Next Generation Encryption/Suite B.
Below is the Cisco link for the AnyConnect FAQ
HTH
Abheesh
11-15-2018 10:40 PM
As of now, when running RA VPN on FTD, there is no difference between AnyConnect Plus, Apex or VPN-Only. You can buy any of these licenses and get the same result.
11-15-2018 11:56 PM
Even though the feature limitations are not enforced via technical means, you are still required to operate per the terms of the End User License Agreement (EULA).
So you have to buy the license type and quantity that meets your requirements and operate accordingly.