02-14-2022 11:16 AM
Does the base license give me the ability to create site-to-site ipSec connections? Or do I need the RA VPN license to enable that feature?
Solved! Go to Solution.
02-14-2022 11:28 AM
The site to site VPN is supported by default on the FTD without any specific license requirement. You would need the RAVPN licenses only if you are planning to use AnyConnect.
02-14-2022 12:06 PM - edited 02-14-2022 12:17 PM
AnyConnect PLUS
* VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
* Basic endpoint context collection (Note: NOT full ISE context support).
* IEEE 802.1X Windows supplicant.
* Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
* Cisco Web Security Appliance support.
* FIPS compliance.
AnyConnect APEX
* Everything that’s included in AnyConnect Plus.
* Clientless (browser-based) VPN termination on the Cisco ASA.
* VPN Compliance/Posture agent in conjunction with the Cisco ASA.
* Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
* Next Generation Encryption/Suite B.
Below is the cisco link for anyconnect FAQ
The RA-VPN licenses require AnyConnect (Plus or Apex) subscription. However, those are only for RA-VPN. If you want to configure Site-to-Site VPN (IPSec) you don't need to purchase any additional licenses.
similar discussion happened in past here and
here for you firewall get onboard with cisco smart licenicing and get the strong encryption enable to use for VPN-TUNNEL with strong encryption. otherwise it will be 3Des.
Are you going to manage this Firewall from FMC or you using this firewall standalone?
02-14-2022 11:28 AM
The site to site VPN is supported by default on the FTD without any specific license requirement. You would need the RAVPN licenses only if you are planning to use AnyConnect.
10-14-2023 07:35 PM
Thank for your comment @Aref Do you know how to by a license for RA VPN for Firepower FTD 1010 running ASA version 16.xx. Thanks
02-14-2022 12:06 PM - edited 02-14-2022 12:17 PM
AnyConnect PLUS
* VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
* Basic endpoint context collection (Note: NOT full ISE context support).
* IEEE 802.1X Windows supplicant.
* Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
* Cisco Web Security Appliance support.
* FIPS compliance.
AnyConnect APEX
* Everything that’s included in AnyConnect Plus.
* Clientless (browser-based) VPN termination on the Cisco ASA.
* VPN Compliance/Posture agent in conjunction with the Cisco ASA.
* Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
* Next Generation Encryption/Suite B.
Below is the cisco link for anyconnect FAQ
The RA-VPN licenses require AnyConnect (Plus or Apex) subscription. However, those are only for RA-VPN. If you want to configure Site-to-Site VPN (IPSec) you don't need to purchase any additional licenses.
similar discussion happened in past here and
here for you firewall get onboard with cisco smart licenicing and get the strong encryption enable to use for VPN-TUNNEL with strong encryption. otherwise it will be 3Des.
Are you going to manage this Firewall from FMC or you using this firewall standalone?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide