Solved: Old Cisco VPN client Licensing

rjadhav163 · ‎12-21-2016

Hello

my client currently has ASA 5520 running with RA VPN using the old Cisco VPN Client v5.

Now the client wants to migrate to ASA5525 and maintain RA VPN with Cisco VPN Client v5 as well as add AnyConnect RA VPN.

So the question is what happens to the Cisco VPN Client v5 Licenses? How do I migrate them? Is there any documentation for such a scenario?

Thanks and Regards,

R

Karsten Iwen · ‎12-21-2016

You only have to buy licenses for AnyConnect.

The legacy VPN-client is EOL and there is no license that could be migrated. You can configure the same legacy VPN on the new ASA. The only limiting factor is the client-software itself that often doesn't work anymore on modern OS.

View solution in original post

Karsten Iwen · ‎01-02-2017

when you say "modern OS" in your answer, you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?

right, Win10 for example is too new for the legacy client. It's not supported any more on Win10.

You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?

Right, the legacy client was only distributed/updated by other means then by the ASA.

IMHO, it's not worth any more to spend any time on the legacy client. Go directly to AnyConnect if you want to deploy RA-VPN.

View solution in original post

Karsten Iwen · ‎12-21-2016

You only have to buy licenses for AnyConnect.

The legacy VPN-client is EOL and there is no license that could be migrated. You can configure the same legacy VPN on the new ASA. The only limiting factor is the client-software itself that often doesn't work anymore on modern OS.

rjadhav163 · ‎01-02-2017

Hi Karsten,

thanks for your answer. Just to be absolutely sure, when you say "modern OS" in your answer,

you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?

And not the ASA Software like 9.6.2? You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?

Thanks and Regards,

R

Karsten Iwen · ‎01-02-2017

when you say "modern OS" in your answer, you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?

right, Win10 for example is too new for the legacy client. It's not supported any more on Win10.

You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?

Right, the legacy client was only distributed/updated by other means then by the ASA.

IMHO, it's not worth any more to spend any time on the legacy client. Go directly to AnyConnect if you want to deploy RA-VPN.

rjadhav163 · ‎01-02-2017

Hi Kevin,

thanks for the quick response. Yes I do strongly advice my clients to discontinue old VPN Client and migrate to AnyConnect Only based solution. However, this particular client wants to run both in parallel i.e. RA VPN using Old VPN Client and AnyConnect Client.

Karsten Iwen · ‎01-02-2017

However, this particular client wants to run both in parallel i.e. RA VPN using Old VPN Client and AnyConnect Client.

That's no problem. The ASA can have both configured at the same time. I would just make sure that every time a notebook is touched, the client gets changed to AnyConnect. Later when all devices are migrated, you can clean up your ASA and remove the legacy config.

Running both in parallel was probably done by most ASA admins in the last years.