Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1691
Views
5
Helpful
4
Replies

Webvpn and anyconnect on same interface

Go to solution
srihari4cisco
Level 1
Level 1

‎10-09-2014 12:59 AM - edited ‎02-21-2020 07:52 PM

Hello !!

We have 5520 ASA firewall running with code.9.1(2) . We already have webvpn running on the firewall and has active users using it. Now the customer has come up with a new requirement to configure anyconnect on the same firewall. We have installed VPN plus premium license.

1) Is it possible to enable webvpn and anyconnect on the same interface. If so what are the aspects we need to consider to enable both on the same interface ?

2) how many webvpn and anyconnect vpn licenses do i have with my premium lincense ?

Please help on this.

attached shver for reference.

Best Regards,

Sri

Labels:
Preview file
4 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to srihari4cisco

‎10-10-2014 05:27 AM

Your AnyConnect Premium peers licenses entitle you to both the clientless and client-based SSL VPN access.

The licensing is based on simultaneous users so whatever the concurrent mix is will work - as long as the number logged on doesn't exceed 100.

Your IPsec site-site VPN does not count against that licensing but is rather against the "Other VPN Peers" which does not require a separate license and is limited by the ASA's hardware capability (750 on your platform).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-09-2014 03:08 PM

Here are your answers:

1. By "webvpn" I assume you mean clientless SSL VPN. You can have both clientless SSL VPN and full tunnel SSL VPN (AnyConnect Secure Mobility client) running simultaneously. We usually do something like setup a separate connection profile for each type of access.

 

2. It appears you have licensed 50-user AnyConnect Premium on both units in a failover cluster (even though it's only required on one unit since ASA 8.3(1)), giving you a total of 100 user license of AnyConnect Premium.

AnyConnect Premium Peers          : 100            perpetual

Go to solution
srihari4cisco
Level 1
Level 1
In response to Marvin Rhoads

‎10-10-2014 02:34 AM

Hello,

Thanks for your response.

We already have 50+ webvpn users and one ipsec site-to-site tunnel on the same box. Can we use the rest of licenses ( nearly 50) for AnyConnect VPN ?

 

Cheers.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to srihari4cisco

‎10-10-2014 05:27 AM

Your AnyConnect Premium peers licenses entitle you to both the clientless and client-based SSL VPN access.

The licensing is based on simultaneous users so whatever the concurrent mix is will work - as long as the number logged on doesn't exceed 100.

Your IPsec site-site VPN does not count against that licensing but is rather against the "Other VPN Peers" which does not require a separate license and is limited by the ASA's hardware capability (750 on your platform).

0 Helpful

Go to solution
srihari4cisco
Level 1
Level 1
In response to Marvin Rhoads

‎10-10-2014 05:31 AM

Hello,

Thank you so much for your help in this regard. Its quite useful information for my current project.

Cheers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents