Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4048
Views
5
Helpful
7
Replies

AnyConnect 4: How to indetify if user uses PLUS or APEX license?

Michael Muenz
Level 5
Level 5

‎07-15-2015 12:07 AM - edited ‎02-21-2020 08:20 PM

Hey guys,

I'm running a 5506X active/passive system with a 25 users AnyConnect PLUS and a 25 users AnyConnect APEX license.
A VPN user is logged in via AnyConnect and I have enabled the Hostscan agent (without ISE).

 

Now I'm not sure if this user is counted as PLUS or APEX, since it's not really clear how Hostscan without ISE ist handled.

Is there a show X command to tell me what license type a user takes?

 

Thanks!

Michael

Michael Please rate all helpful posts
Labels:
0 Helpful
7 Replies 7

Abaji Rawool
Level 3
Level 3

‎07-15-2015 01:08 AM

Hi,

You can use "sh vpn-sessiondb license-summary"

This would show the license used by premium / essentials features. As the ASA still uses the this names for the license features.

HTH

Abaji.

 

Michael Muenz
Level 5
Level 5
In response to Abaji Rawool

‎07-15-2015 01:26 AM

Hi Abaji,

 

Thanks for the reply. This is the output:

secure# sh vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                     Status : Capacity : Installed :  Limit
                                  -----------------------------------------
AnyConnect Premium               :  ENABLED :       50 :        50 :   NONE
AnyConnect Essentials            : DISABLED :       50 :         0 :   NONE
Other VPN (Available by Default) :  ENABLED :       50 :        50 :   NONE
Shared License Server            : DISABLED
Shared License Participant       : DISABLED
AnyConnect for Mobile            :  ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment     :  ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone   :  ENABLED
VPN-3DES-AES                     :  ENABLED
VPN-DES                          :  ENABLED
---------------------------------------------------------------------------

---------------------------------------------------------------------------
VPN Licenses Usage Summary
---------------------------------------------------------------------------
                          Local : Shared :   All  :   Peak :  Eff.  :
                         In Use : In Use : In Use : In Use :  Limit : Usage
                       ----------------------------------------------------
AnyConnect Premium     :      1 :      0 :      1 :      3 :     50 :    2%
  AnyConnect Client    :                 :      1 :      2          :    2%
    AnyConnect Mobile  :                 :      0 :      0          :    0%
  Clientless VPN       :                 :      0 :      1          :    0%
  Generic IKEv2 Client :                 :      0 :      0          :    0%
Other VPN              :                 :      1 :      3 :     50 :    2%
  Cisco VPN Client     :                 :      0 :      1          :    0%
  L2TP Clients
  Site-to-Site VPN     :                 :      1 :      3          :    2%
---------------------------------------------------------------------------

 

 

My problem is, that Essentials is displayed as disabled in favor of Premium. 
Is this really the way Cisco goes? 

Michael Please rate all helpful posts
0 Helpful

Michael Muenz
Level 5
Level 5
In response to Michael Muenz

‎07-20-2015 02:21 AM

I tried to get a demo license to figure this out, but demo license is only available as APEX and not PLUS. Now I'll buy a PLUS one and check if this works without ISE and/or APEX.

Michael Please rate all helpful posts
0 Helpful

Michael Muenz
Level 5
Level 5
In response to Michael Muenz

‎07-24-2015 02:55 AM

UPDATE:

I installed the L-AC-PLS-S-1Y-25 on a ASA5515-X.

 

Before:

Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual

 

After:

Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 250            perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual

 

Now I have 250 Premium VPN peers with a PLUS license? I don't know if Cisco really counts the users and only hopes the users out there will license correctly to earn money with license selling .. :(

Michael Please rate all helpful posts
0 Helpful

Abaji Rawool
Level 3
Level 3
In response to Michael Muenz

‎07-20-2015 08:39 AM

Hostscan will be still a premium feature. You can see full details here :http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/feature/guide/anyconnect40features.html#pgfId-65579

HTH

Abaji.

0 Helpful

Marc Magloire
Level 1
Level 1
In response to Abaji Rawool

‎07-22-2015 07:52 PM

Any documents on how to share licenses on the new "Cisco AnyConnect Plus Migration License Group" model when deployed in a multi site/ASA environment?

0 Helpful

Michael Muenz
Level 5
Level 5
In response to Marc Magloire

‎07-24-2015 02:58 AM

You mean you have multiple ASA's around but the same users? 

Then you can just generate the license mutiple times for different SN's, that's not a problem.

I also have 2 A/P clusters in different DC's, it works.

Michael Please rate all helpful posts
0 Helpful
Customers Also Viewed These Support Documents