Every Cisco ASA comes with a certain number of implicitly activated features and capacities as part of a Base License.
Base License: This license has capabilities that are fixed to the model/platform and cannot be selectively disable. An example of this is on the ASA 5585-X Active/Active Failover will be always available. Some other platforms offer the optional Security Plus License, which unlocks additional features and capacities on top of the Base License.
Basic Platform Capabilities: These are elementary characteristics of how an ASA device connects to the network, how it establishes the quantity and speed capabilities of a physical and logical interfaces and also limits the number of protected connections and inside host.
Cisco ASA 5500 Series Business Edition Solution Overview
The previous AnyConnect licensing model include AnyConnect Essentials and AnyConnect Premium; as of AnyConnect 4 the Licensing Model migrated from AnyConnect Essentials to AnyConnect Plus and AnyConnect Premium to AnyConnect APEX.
The following show version was taken from an ASA 5515 (Demo License). In order to recognize if an ASA has an AnyConnect 4 license you have to make sure of the following.
AnyConnect for Mobile is enabled.
AnyConnect for Cisco VPN Phone is enabled
AnyConnect 4 Licenses will display as AnyConnect Premium licenses when you issue the show version command (This regardless of the quantity of users the customer acquired) as the maximum AnyConnect Premium License count for the ASA hardware platform. On this example the ASA 5512-X supports up to 250 VPN Premium Peers.
The following chart will serve as a guide to recognize the Maximum Premium Peers per platform.
Why AnyConnect for VPN Phone and AnyConnect for Mobile are enabled?
b. You would like to upgrade to AnyConnect 4.X in order to use TLS 1.2 in order to pass PCI Compliance as TLS 1.0 is considered insecure for many PCI Compliance companies.
2. What platforms that will support the next-Gen encryption TLS 1.2
a. All Next Generation Firewall [5500-X Series as of ASA Release 9.3.2]
3. What is required to download the 4.X client?
a. An AnyConnect 4 PAK registered on a CCO ID Account.
1. Would a user will be able to connect using a client version 4.X to an ASA with SVC Premium/Essentials installed?
a. Yes, but it will use TLS 1.0 protocol regardless of the version the ASA is running. This type of connection was permitted in order to allow Mobile devices with the latest SVC client (4.X) to connect even when the customer hasn’t been able to install the Apex/Plus license.
Hi Everyone,So I have a scenario where we gave an FTD-1010 appliance Management Interface a Public IP address. Can anyone share experience about the content of the ACL written to protect it from unwanted connections?Thanks.Jim Goughenour
Hi Experts, We've small node (2) deployment with the same certificate used for Admin and EAP authentication where one of the Intermediate cert in the certificate hierarchy is about to expire. Could you please let me know the process to renew the Inte...
Hello guys, When I send e-mail to account not exist, I received messege from postmaster, like this:Delivery failed to the following recipients or group#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ## It's possible block this return message ?
I would like to submit a request for Cisco branded Visio stencils around our Firepower 1000 Series and 2000 Series Next Generation Firewalls to be posted here: https://www.cisco.com/c/en/us/products/visio-stencil-listing.html