on 02-09-2016 07:04 PM
Every Cisco ASA comes with a certain number of implicitly activated features and capacities as part of a Base License.
Base License: This license has capabilities that are fixed to the model/platform and cannot be selectively disabled. For example, on the ASA 5585-X, Active/Active Failover is always available. Some other platforms offer the optional Security Plus License, which unlocks additional features and capacities on top of the Base License.
Basic Platform Capabilities: These are the elementary characteristics of how an ASA device connects to the network. They set the quantity and speed capabilities of its physical and logical interfaces and also limit the number of protected connections and inside hosts.
Cisco ASA 5500 Series Business Edition Solution Overview
AnyConnect Licensing
The previous AnyConnect licensing model included AnyConnect Essentials and AnyConnect Premium. As of AnyConnect 4, the licensing model migrated from AnyConnect Essentials to AnyConnect Plus and from AnyConnect Premium to AnyConnect APEX.
The following show version was taken from an ASA 5515 (Demo License). In order to recognize if an ASA has an AnyConnect 4 license you have to make sure of the following.
The following chart will serve as a guide to recognize the Maximum Premium Peers per platform.
Why are AnyConnect for VPN Phone and AnyConnect for Mobile enabled?
From this reference document:
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/feature/guide/anyconnect40features.html, you will see that AnyConnect Plus supports PC and Mobile platforms. This explains why AnyConnect for Mobile is enabled.
From the reference document:
http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf, which is the Cisco AnyConnect Ordering Guide, you will find that AnyConnect for Cisco VPN Phone is available. This explains why it appears as enabled in the show version output.
FAQs
1. Why would you look to upgrade from SVC 3.X to SVC 4.X?
a. AnyConnect 3.X has been announced as end of life; application software support will not be available for the stated software versions beyond March 31, 2018. Reference link: http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/eos-eol-notice-c51-734084.html
b. Upgrading to AnyConnect 4.X lets you use TLS 1.2 in order to pass PCI compliance, as TLS 1.0 is considered insecure for many PCI compliance companies.
2. Which platforms will support next-generation encryption (TLS 1.2)?
a. All Next Generation Firewalls [5500-X Series as of ASA Release 9.3.2]
3. What is required to download the 4.X client?
a. An AnyConnect 4 PAK registered on a CCO ID Account.
4. Would a user be able to connect using a 4.X client to an ASA with SVC Premium/Essentials installed?
a. Yes, but it will use the TLS 1.0 protocol regardless of the version the ASA is running. This type of connection was permitted in order to allow mobile devices with the latest SVC client (4.X) to connect even when the customer hasn't been able to install the Apex/Plus license.
"The following show version was taken from an ASA 5515 (Demo License). In order to recognize if an ASA has an AnyConnect 4 license you have to make sure of the following."
Since the 'sh ver' command does not display the type of AnyConnect 4.x license installed, how do I know if the license installed is APEX or PLUS on an ASA? Is it correct to say, along with the three points mentioned in the above post, that if 'Advanced Endpoint Assessment' is enabled it is APEX and if it is disabled it is PLUS?
The following show version was taken from an ASA 5515 (Demo License). In order to recognize if an ASA has an AnyConnect 4 license you have to make sure of the following.
How do we figure out if VPNO is in use or Apex/Plus?