Any connect VPN v/s apex license

ashish.saxena1
Level 1

Hi All

I am a newbie in VPN, so I need your advice. It will help me a lot.

Let me first show you the licenses of both my firewalls. In my network environment I am using two Cisco ASAs, a 5525-X and a 5520.

cisco asa 5525-X:

Maximum Physical Interfaces : Unlimited perpetual

Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

Cisco ASA 5520:

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled

Now I need to know:

> Can I configure SSL VPN and AnyConnect VPN on both firewalls? If not, then why?

> Which VPN is more secure, SSL VPN or AnyConnect?

> What is the difference between the AnyConnect VPN license and the APEX base license, and which one is good?

> After configuration of AnyConnect VPN, is it possible that they could be integrated through AD?

> What does Cisco AnyConnect Premium Essential: 2 mean (it is showing on my Cisco ASA 5525-X; I already shared the show version of both my firewalls above)?

Please help. I will be very thankful to you.

Regards

Ashish

8 Replies

> Can I configure SSL VPN and AnyConnect VPN on both firewalls? If not, then why?

AnyConnect by default uses SSL/TLS, and IPsec is only an optional transport. Or do you mean "clientless" by "SSL VPN"? That is also possible.

> Which VPN is more secure, SSL VPN or AnyConnect?

From a crypto standpoint, IPsec is stronger than SSL/TLS. But when using the 5525-X, TLS 1.2 can be used which is likely strong enough. TLS 1.0, which is the maximum that the legacy ASA 5520 supports, has many crypto weaknesses.

Again, if you are referring to the differences between clientless and AnyConnect, it depends on what you want to achieve. Both can be controlled for the resources that are accessible through the tunnel.

> What is the difference between the AnyConnect VPN license and the APEX base license, and which one is good?

The APEX license allows you to use both clientless and AnyConnect. Then there is the PLUS license, with which you are not allowed to use clientless, and some advanced features are also missing.

> After configuration of AnyConnect VPN, is it possible that they could be integrated through AD?

Any remote-access VPN can be integrated into AD.

> What does Cisco AnyConnect Premium Essential: 2 mean (it is showing on my Cisco ASA 5525-X; I already shared the show version of both my firewalls above)?

These are not relevant any more. Premium and Essentials licenses can't be bought any more. But by default, two simultaneous AnyConnect or clientless connections can be built without an additional license. But that doesn't give you download access to the AnyConnect client. For that you need a license.

Thank you, Karsten, for the quick reply.

Let me know, in my firewall, i.e. Cisco ASA 5525-X,

Cisco ASA 5525-X:

Maximum Physical Interfaces : Unlimited perpetual

Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

1. Can I use the APEX base license configuration on my Cisco ASA 5525-X series with the current license, as it is showing only Cisco AnyConnect Premium Peers : 2?

2. Does the APEX license support client base or clientless?

> As shown above in the show version, is it required to install the APEX license for client base VPN?

> What will be the cost of the APEX license to install on my Cisco ASA, if required? I have already shared the relevant information.

Total no. of VPN users: 100

Concurrent users: 15

Please help!

Regards

Ashish

> 1. Can I use the APEX base license configuration on my Cisco ASA 5525-X series with the current license, as it is showing only Cisco AnyConnect Premium Peers : 2?

The APEX-license will give you a PAK which is activated in the Cisco licensing portal. After activating you receive an activation key that will allow more connections on the ASA. The APEX-license can be activated on all your ASAs, also on the older 5520.

> 2. Does the APEX license support client base or clientless?

APEX supports both, PLUS only AnyConnect but not clientless.

> As shown above in the show version, is it required to install the APEX license for client base VPN?

What exactly do you mean by "client base VPN"? If you apply the APEX license, then all VPN is allowed.

> What will be the cost of the APEX license to install on my Cisco ASA, if required? I have already shared the relevant information.

Ask your preferred Cisco reseller for a 100 User APEX license. APEX is sold as a subscription that can be bought for up to five years.

More in the AnyConnect Ordering Guide.

++ As shown above in the show version, is it required to install the APEX license for client base VPN?

++ What exactly do you mean by "client base VPN"? If you apply the APEX license, then all VPN is allowed.

I have no idea what I need to do for client base VPN configuration (that will be based on the APEX license) on my Cisco ASA 5525-X. That is what I am asking: with the default license which I have right now, can I configure the APEX license based configuration, or do I need to install a license for APEX?

I am quite confused about VPN licenses, as I have heard about the AnyConnect license, the AnyConnect Plus license, and the APEX license.

Yes, it can be confusing ...

You need to buy the APEX license, apply it to your ASA and then you can configure any kind of VPN on your ASA.

Thanks, Karsten.

You really taught me about VPN licensing.

Finally I understood the VPN license.

Thanks for your help. :)

Ashish

In my firewall I have AnyConnect Premium license: 2. Is it equal to the APEX license? Or do I need to purchase an APEX license for my ASA 5525-X (I already shared the show version of my firewall)?

I think after this, many of my doubts will be cleared. :)

Regards

Ashish

> In my firewall I have AnyConnect Premium license: 2. Is it equal to the APEX license?

> Or do I need to purchase an APEX license for my ASA 5525-X (I already shared the show version of my firewall)?

Premium (the old licensing name) is comparable to APEX, but you only have two concurrent connections. For more you need the APEX-license.