
When upgrading to use Anyconnect, does this impact the current IPSEC allowance?

chris
Level 1

I have an ASA5505 with the Sec Plus license on it. This allows 25 VPN peers at any time according to the show version output:

    Licensed features for this platform:
    Maximum Physical Interfaces  : 8
    VLANs                        : 20, DMZ Unrestricted
    Inside Hosts                 : Unlimited
    Failover                     : Active/Standby
    VPN-DES                      : Enabled
    VPN-3DES-AES                 : Enabled
    VPN Peers                    : 25
    WebVPN Peers                 : 2
    Dual ISPs                    : Enabled
    VLAN Trunk Ports             : 8
    AnyConnect for Mobile        : Disabled
    AnyConnect for Linksys phone : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Proxy Sessions            : 2

    This platform has an ASA 5505 Security Plus license.

1.) As far as I understand this means RA users and peer2peer combined?

2.) I need additional RA clients to be able to connect in at any time, as far as I know there is no way to allow more IPSEC clients than this due to hardware limitations?

3.) If I go for the Anyconnect option (10 users license), does this then mean that I can use the 25 IPSEC VPNs and at the same time have users using the 10 SSL Anyconnect VPNs at the same time?

4.) Which Anyconnect license am I supposed to buy if this is the route I go, the clients will all be connecting from their desktops most of the time?

5.) Is it difficult to set up?

Thanks for the help!

Accepted Solutions

Nicolas Fournier
Cisco Employee

Hi Chris,

Here are the answers to your questions:

1.) As far as I understand this means RA users and peer2peer combined?

That is correct, RA and L2L peers.

2.) I need additional RA clients to be able to connect in at any time, as far as I know there is no way to allow more IPSEC clients than this due to hardware limitations?

This is indeed an HW limitation, the only way to go above would be to get a 5510.

3.) If I go for the Anyconnect option (10 users license), does this then mean that I can use the 25 IPSEC VPNs and at the same time have users using the 10 SSL Anyconnect VPNs at the same time?

Yes, it would allow 35 clients at the same time.

4.) Which Anyconnect license am I supposed to buy if this is the route I go, the clients will all be connecting from their desktops most of the time?

Part numbers would be L-ASA-SSL-10-25= for eDelivery or ASA-SSL-10-25= for a paper license shipped to you.

5.) Is it difficult to set up?

I find it pretty easy.

You'll find plenty of guides on CCO that describe how it can be done.

For instance, you can have a look at this one:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080972e4f.shtml (Just ignore the "on a stick" parts).

Regards,

Nicolas

chris
Level 1

I noticed this on another firewall now:

    VLAN Trunk Ports               : 8
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials          : Disabled
    Advanced Endpoint Assessment   : Disabled
    UC Phone Proxy Sessions        : 2
    Total UC Proxy Sessions        : 2
    Botnet Traffic Filter          : Disabled

That is not on the firewall in question, I hope this doesn't mean it can't be upgraded?

Hi Chris,

Anyconnect Essentials is a "light" version of Anyconnect (No web install for instance).

The fact that you don't see it in the "show ver" won't prevent you from installing a full Anyconnect license.

Regards,

Nicolas

Thanks for the very prompt informative response!

Enjoy your day!
