Ask the Expert: AnyConnect Secure Mobility

ciscomoderator
Community Manager

AnyConnect Secure Mobility with Ameet Kulkarni

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about AnyConnect Secure Mobility with Cisco expert Ameet Kulkarni. Learn about the various aspects of AnyConnect Secure Mobility such as HostScan, Client and Clientless based remote access, policies, and more.

Ameet Kulkarni is a product manager within the Secure Access and Mobility Product Group. His areas of expertise revolve around AnyConnect & ISE with a focus on posture assessment and profiler technologies. Kulkarni has managed multiple products over his career in VoIP and Security industries. He is an engineer by education with a Master of Science in Telecommunication. He has had a broad exposure in software development, solution architecture, program management and product management.

Remember to use the rating system to let Ameet know if you have received an adequate response.

Ameet might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security sub community shortly after the event. This event lasts through April 5, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

On the Identity firewall,

most of the questions are from management and getting 'buy in' on the design change. Need to know how well it works and scales. Is the design bulletproof like can it have redundant AD agents to redundant AD servers?

Thanks,

Rick

Hi Rick, I believe that is the case. This bleeds over to the FW team so let me confirm with them and get back to you.

For Shared Licenses,
If you already have a 500 user license for sslvpn at one site, can you share to another new site?
Do they need to be converted to a shared or new purchased?

The issue is, the new site has the 2 SSLVPN peers and need to move off old site with license to new site.
Do not want to forklift or swap firewalls, need to run in parallel during migrations.
Both sites are in active/standby setup.

Thx, Rick

Another question on Licenses,
ASA license with a vpn premium license has 2 sslvpn peers for clientless sslvpn.

The clients with anyconnect will sslvpn to the total vpn peers of 5000 same as the ipsec clients, right?

Thx, Rick

Rick, if you have 500 sessions of shared license, then yes, you can share it with multiple ASAs. However, those ASAs must have a participant license on each one of them. Note that you need to have the Shared License and NOT the Premium License for it to be shared across ASAs.

If you have an A/S setup, you don't need shared licenses.

Every ASA ships with 2 Premium licenses for trying it out. I don't know of any customer that uses them for production. :-)

I didn't quite follow your last question. Which 5000 are you talking about?

The 5000 is from:

Other VPN Peers      : 5000           perpetual

Total VPN Peers       : 5000           perpetual

Probably different depending on ASA model.

I do not have a shared license now but want to share for a migrate to a new site.

A/S is set up on each site. New site needs license and closing old site with license.

Looking not to do a hardware swap just to keep license. Only RMA can transfer licenses, right?

I see. If you want shared licenses, then you will need to purchase them. It is not possible to "convert" a premium license to shared. Reach out to your Cisco sales contacts to find the best possible way for procuring shared licenses.

Mohd Aakil
Level 1

What are the different licenses available for AnyConnect on ASA?

The two basic licenses for AnyConnect are AnyConnect Essentials (smaller set of features) and AnyConnect Premium (all features). On top of the Essentials you can have Mobile licenses. On Premium you can have Mobile licenses as well as Advanced Endpoint Assessment license. For disaster recovery, one can purchase Flex licenses.

If you want a distributed deployment with license sharing then you can go for Shared Licenses (these are a form of Premium licenses which are shared across your ASAs). Those ASAs that want to participate in the license pool from Shared Licenses should have Participant Licenses.

When I delete entries from

Configuration > Remote Access VPN > Secure Desktop Manager > Host Scan

they appear again after a short time. How can I delete them?

astra.wadsworth
Level 1

Hi Ameet,

Thanks for hosting this ATE, I have a couple questions:-

1.       With AnyConnect 3.1.x, can we modify the string ‘use a browser to gain access’ or other similar strings on the GUI to display custom messages? We know we can modify "web authentication required" using the poedit method.

2.       We’re seeing this behaviour with Windows 8 following installation of AC, no difference in behaviour occurs if AC NAM/SBL modules are installed:-

The original Windows 8 user logon screen details seems to be erased (here is before install screen with username scratched out)

Here is the incorrect Windows 8 logon screen after install

 

Also after install the last logged on user name is removed

Thanks in advance!
