01-21-2013 03:49 AM - edited 02-21-2020 06:38 PM
hello,
ASA 5505 has only 2 SSL VPN peers and 25 VPN peers. When we connect to our company via AnyConnect I can see that these persons use protocol IKEv2 IPsecOverNatT. so it's suggested that they don't use SSL VPN. But when the third person is trying to connect via AnyConnect, receives information about failied login.
is it possible to set up AnyConnect or on ASA that everyone who is defined on ASA uses only IPsec, not SSL VPN?
I'm using
ASA version: 9.1
ASDM version: 7.1
thanks for your help
Robert
Solved! Go to Solution.
01-21-2013 04:07 AM
For AnyConnect you need an additional license if you want to exceed two concurent users. This is also for IPSec.
You have two choices:
1) Buy the license L-ASA-AC-E-5505= it's about $50)
2) Configure IKEv1 and use the traditional IPSec VPN-Client (EOS/EOL is announced for the Cisco client, but there are many other clients available)
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
01-21-2013 06:54 AM
According to Vishnu, Cisco Anyconnect version 3.0 and above support SSL as well as IPSECv2 connection. If you want the user to connect using IPSECv2 from the Anyconnect client then it will consume the SSL license and not the IPsec license however if you use IPSECv2 for connections like site to site vpn then it will consume normal IPSec VPN license. https://supportforums.cisco.com/thread/2149289
hth
01-21-2013 07:46 AM
I don't really understand what you mean, but for remote-access it's quite simple:
- legacy VPN (IKEv1) is free
- modern VPN (SSL and IKEv2) comes with a fee
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
01-21-2013 04:02 AM
What is the error message when they tried to login using AnyConnect? If someone is using AnyConnect, it means that they are using SSL VPN, if you don't want to use SSL VPN because of the license issue, then you can also use VPN client not AnyConnect but you will need to change the VPN configuration on the ASA as well. In short, VPN client is for IPSec VPN and AnyConnect client is for SSL VPN.
01-21-2013 04:07 AM
For AnyConnect you need an additional license if you want to exceed two concurent users. This is also for IPSec.
You have two choices:
1) Buy the license L-ASA-AC-E-5505= it's about $50)
2) Configure IKEv1 and use the traditional IPSec VPN-Client (EOS/EOL is announced for the Cisco client, but there are many other clients available)
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
01-21-2013 05:53 AM
hi Karsten,
if I good understood....it doesn't metter how many licenses of VPNs I have. If I use AnyConnect I have to take into consideration only SSL VPN peers.
thanks
Robert
01-21-2013 06:14 AM
I just realized that AnyConnect can also be used for normal IPSec VPN
01-21-2013 06:28 AM
hi Rudy,
so why I couldn't use VPN connection when 2 persons were logged to my company's ASA?
everyone uses AnyConnect and everyone received the same infortmation like on the file below
01-21-2013 06:54 AM
According to Vishnu, Cisco Anyconnect version 3.0 and above support SSL as well as IPSECv2 connection. If you want the user to connect using IPSECv2 from the Anyconnect client then it will consume the SSL license and not the IPsec license however if you use IPSECv2 for connections like site to site vpn then it will consume normal IPSec VPN license. https://supportforums.cisco.com/thread/2149289
hth
01-21-2013 07:46 AM
I don't really understand what you mean, but for remote-access it's quite simple:
- legacy VPN (IKEv1) is free
- modern VPN (SSL and IKEv2) comes with a fee
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide