We are planning to configure anyconnect VPN posture for our remote clients through ASA and Cisco ISE (version 2.6). I would like to clarify whether we need any specific license on the ASA to have the posture functionality. On ISE we have the below licenses
Kindly advise if we are missing anything.
The AnyConnect Apex license includes all AnyConnect features so you are all set on that part.
For the ISE, the ISE doesn't enforce the license usage, but if you want to take full advantage of ISE with regard to endpoint details, you will require an ISE plus license, which you also have.
You are all set.
ISE Compliance (Posture) requires ISE Apex licenses.
Reference page 16 of the ISE Ordering Guide for confirmation:
As I mentioned above you have the licenses required to take full advantage of AnyConnect and ISE.
It's as @Marius Gunnerud correctly noted.
The L-AC-APX-LIC= license gives you a PAK that you redeem for an activation key to install that particular license on the ASA.
It works in conjunction with the ISE licenses (primarily Base and Apex ISE licenses, Plus licenses if you are using features like profiling or Device Registration) to give the full set of features.
I tried to generate an activation key from the PAK. But I got the message that the license is already converted to smart entitlement. My ASA is 5585 and I need to check if it can be changed to smart licensing mode. But my question is that if I connect my ASA to smart licensing cloud, all my existing licenses in ASA should be transferred to the smart licensing cloud right?.
I am uncertain about this with ASA, though with switches migrating to smart licensing you keep your existing licenses just on the smart licensing portal, so I would assume the same for ASA.
You could contact email@example.com to verify this.
ASA 5585-X only uses classic PAK-based licenses with activation keys. It cannot use Smart licensing.
If your Anyconnect licenses have been converted, then you need to open a request with licensing (as @Marius Gunnerud suggested) and request they also be provisioned as PAKs for this purpose.