cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18548
Views
0
Helpful
8
Replies

AnyConnect Apex License question

Hello,

I have AnyConnect 25 premium peers license,

AnyConnect Premium Peers          : 25             perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Then I've bought AnyConnect 50 user Apex license. I've registred ASA device with PAK number so received the following Cisco ASA 5500 Series Adaptive Security Appliance activation key,

AnyConnect Premium Peers                 : 750      
Other VPN Peers                          : Default  
Advanced Endpoint Assessment             : Enabled  
AnyConnect for Mobile                    : Enabled  
AnyConnect for Cisco VPN Phone           : Enabled

It seems to be I do not have 50 but 750 AnyConnect peers available. Why ?

Thanks

2 Accepted Solutions

Accepted Solutions

AnyConnect licenses are not additive.

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users.

That overwrites the old license which is no longer installed - you can revert to it only if you have the old activation key.

View solution in original post

You're welcome.

The old activation key is tied to the serial number of the ASA it was issued for and is not transferable. (Cisco will override that policy in the case of a failed unit being RMAd.)

You can have more than 50 users active but you would technically be in violation of the terms of your license. However, there's no technical enforcement of that at this time with AnyConnect 4.x licenses (Apex or Plus).

Technically the users licensed are unique userids (not concurrent users). The way Cisco explains it is if you have a given user with PC and tablet both on VPN then that uses only one license. However they haven't figured out how to differentiate that for enforcement purposes yet while maintaining compatibility with the old license types in the same code so they just open it up to the max the hardware supports when you activate a new style license.

View solution in original post

8 Replies 8

Diego Lopez
Level 1
Level 1

Hello,

Check this link under license management :

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf

The Adaptive Security Appliance license emailed to you after activating your key will only display the simultaneous hardware user capacity of your appliance, not your authorized user license count or AnyConnect license tier (Plus or Apex). To look up the user license purchased or term remaining, please access your support contract through the Cisco Service Contract Center.

So this new licensing module will enable to total amount of connections that your ASA hardware supports but you should only use 75 connections because that's what you paid for.

Regards, please rate.

Thanks for your answer. I'm not sure the old 25 premium license were converted to apex or just lost.

You can check his licensing FAQ:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html#anc7

But I don't think the current license will be converted.

It is not converted :( .. anyway does it means that even though I have 50 APEX I could have 750 user connected with AnyConnect ?

AnyConnect licenses are not additive.

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users.

That overwrites the old license which is no longer installed - you can revert to it only if you have the old activation key.

Thanks Marvin so I'll try to assign the old license to another ASA. Is migration to APEX still possible or has it ended on December 31 2015 ?

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users. 

Does it means that I cannot have more then 50 active anyconnect users at the same time ? if so why in the activation-key sent by Cisco I have 750 AnyConnect Premium Peers (which is the ASA 5520 limit) ?

Based on the ordering guide :

"The number of licenses needed is based on all the possible unique users that may use any Cisco AnyConnect service. The exact number of Plus or Apex licenses should be based on the total number of unique users that require the specific services associated with each license type."

I think it means that new APEX license is no longer of concurrent users but to all potential users of the AnyConnect service.

You're welcome.

The old activation key is tied to the serial number of the ASA it was issued for and is not transferable. (Cisco will override that policy in the case of a failed unit being RMAd.)

You can have more than 50 users active but you would technically be in violation of the terms of your license. However, there's no technical enforcement of that at this time with AnyConnect 4.x licenses (Apex or Plus).

Technically the users licensed are unique userids (not concurrent users). The way Cisco explains it is if you have a given user with PC and tablet both on VPN then that uses only one license. However they haven't figured out how to differentiate that for enforcement purposes yet while maintaining compatibility with the old license types in the same code so they just open it up to the max the hardware supports when you activate a new style license.