12-21-2016 12:00 AM - edited 03-12-2019 01:41 AM
Hello
my client currently has ASA 5520 running with RA VPN using the old Cisco VPN Client v5.
Now the client wants to migrate to ASA5525 and maintain RA VPN with Cisco VPN Client v5 as well as add AnyConnect RA VPN.
So the question is what happens to the Cisco VPN Client v5 Licenses? How do I migrate them? Is there any documentation for such a scenario?
Thanks and Regards,
R
Solved! Go to Solution.
12-21-2016 12:34 AM
You only have to buy licenses for AnyConnect.
The legacy VPN-client is EOL and there is no license that could be migrated. You can configure the same legacy VPN on the new ASA. The only limiting factor is the client-software itself that often doesn't work anymore on modern OS.
01-02-2017 01:19 AM
when you say "modern OS" in your answer, you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?
right, Win10 for example is too new for the legacy client. It's not supported any more on Win10.
You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?
Right, the legacy client was only distributed/updated by other means then by the ASA.
IMHO, it's not worth any more to spend any time on the legacy client. Go directly to AnyConnect if you want to deploy RA-VPN.
12-21-2016 12:34 AM
You only have to buy licenses for AnyConnect.
The legacy VPN-client is EOL and there is no license that could be migrated. You can configure the same legacy VPN on the new ASA. The only limiting factor is the client-software itself that often doesn't work anymore on modern OS.
01-02-2017 12:42 AM
Hi Karsten,
thanks for your answer. Just to be absolutely sure, when you say "modern OS" in your answer,
you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?
And not the ASA Software like 9.6.2? You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?
Thanks and Regards,
R
01-02-2017 01:19 AM
when you say "modern OS" in your answer, you mean the OS on end device, right? Like Win 7 and Win 10 64 bit, Android etc.?
right, Win10 for example is too new for the legacy client. It's not supported any more on Win10.
You dont have to upload the old client on ASA like we have to upload AnyConnect image on ASA right?
Right, the legacy client was only distributed/updated by other means then by the ASA.
IMHO, it's not worth any more to spend any time on the legacy client. Go directly to AnyConnect if you want to deploy RA-VPN.
01-02-2017 01:28 AM
Hi Kevin,
thanks for the quick response. Yes I do strongly advice my clients to discontinue old VPN Client and migrate to AnyConnect Only based solution. However, this particular client wants to run both in parallel i.e. RA VPN using Old VPN Client and AnyConnect Client.
01-02-2017 02:20 AM
However, this particular client wants to run both in parallel i.e. RA VPN using Old VPN Client and AnyConnect Client.
That's no problem. The ASA can have both configured at the same time. I would just make sure that every time a notebook is touched, the client gets changed to AnyConnect. Later when all devices are migrated, you can clean up your ASA and remove the legacy config.
Running both in parallel was probably done by most ASA admins in the last years.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide