We have a pair of HA ASA Firewall and we are in the process of migration from Cisco VPN Client (IPSec) to Cisco AnyConnect VPN Client.
We have roughly 250 users but at any one time, roughly 25 users are concurrently using the VPN.
I understand that there are licenses based on number of users, and there are license based on concurrent users. There are permanent license and there are subscription license. I am very confused?
If I buy any type of license, do I need to buy it for both ASA (Qty=2) ?
Or do I need to just buy one license for both ASA since they are HA?
You only need to buy the licenses once as the licenses are combined on the ASA. And with the user-based licensing you don't care about the amount of ASAs, you just license the ASA.
In your case I would ask my preferred reseller for AnyConnect PLUS for 250 Users with a subscription of 5 years.
Hi Karsten Iwen,
Thanks for your advise.
According to your suggestion, If I buy 250 users license, it apply to all my 4 unit of ASA firewall. Am I right?
What do you think about VPN Only license (Perpetual).
I can buy concurrent users of 25 or 50 instead of 250 users.
Will it make a better deal?
Because the PLUS license is "per user", you can activate the license on all your ASAs.
There is also a VPN-ONLY license that is licensed for a single unit and concurrent users. But I would assume that this will be more expensive.