Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17556
Views
0
Helpful
8
Replies

AnyConnect Apex License question

Go to solution
giuseppe parlato
Level 1
Level 1

‎02-07-2016 07:45 AM - edited ‎02-21-2020 08:40 PM

Hello,

I have AnyConnect 25 premium peers license,

AnyConnect Premium Peers          : 25             perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Then I've bought AnyConnect 50 user Apex license. I've registred ASA device with PAK number so received the following Cisco ASA 5500 Series Adaptive Security Appliance activation key,

AnyConnect Premium Peers                 : 750      
Other VPN Peers                          : Default  
Advanced Endpoint Assessment             : Enabled  
AnyConnect for Mobile                    : Enabled  
AnyConnect for Cisco VPN Phone           : Enabled

It seems to be I do not have 50 but 750 AnyConnect peers available. Why ?

Thanks

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to giuseppe parlato

‎02-10-2016 06:11 AM

AnyConnect licenses are not additive.

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users.

That overwrites the old license which is no longer installed - you can revert to it only if you have the old activation key.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to giuseppe parlato

‎02-10-2016 07:54 AM

You're welcome.

The old activation key is tied to the serial number of the ASA it was issued for and is not transferable. (Cisco will override that policy in the case of a failed unit being RMAd.)

You can have more than 50 users active but you would technically be in violation of the terms of your license. However, there's no technical enforcement of that at this time with AnyConnect 4.x licenses (Apex or Plus).

Technically the users licensed are unique userids (not concurrent users). The way Cisco explains it is if you have a given user with PC and tablet both on VPN then that uses only one license. However they haven't figured out how to differentiate that for enforcement purposes yet while maintaining compatibility with the old license types in the same code so they just open it up to the max the hardware supports when you activate a new style license.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Diego Lopez
Level 1
Level 1

‎02-08-2016 04:59 AM

Hello,

Check this link under license management :

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf

The Adaptive Security Appliance license emailed to you after activating your key will only display the simultaneous hardware user capacity of your appliance, not your authorized user license count or AnyConnect license tier (Plus or Apex). To look up the user license purchased or term remaining, please access your support contract through the Cisco Service Contract Center.

So this new licensing module will enable to total amount of connections that your ASA hardware supports but you should only use 75 connections because that's what you paid for.

Regards, please rate.

0 Helpful

Go to solution
giuseppe parlato
Level 1
Level 1
In response to Diego Lopez

‎02-08-2016 05:20 AM

Thanks for your answer. I'm not sure the old 25 premium license were converted to apex or just lost.

0 Helpful

Go to solution
Diego Lopez
Level 1
Level 1
In response to giuseppe parlato

‎02-08-2016 05:32 AM

You can check his licensing FAQ:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html#anc7

But I don't think the current license will be converted.

0 Helpful

Go to solution
giuseppe parlato
Level 1
Level 1
In response to Diego Lopez

‎02-10-2016 05:50 AM

It is not converted :( .. anyway does it means that even though I have 50 APEX I could have 750 user connected with AnyConnect ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to giuseppe parlato

‎02-10-2016 06:11 AM

AnyConnect licenses are not additive.

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users.

That overwrites the old license which is no longer installed - you can revert to it only if you have the old activation key.

0 Helpful

Go to solution
giuseppe parlato
Level 1
Level 1
In response to Marvin Rhoads

‎02-10-2016 07:43 AM

Thanks Marvin so I'll try to assign the old license to another ASA. Is migration to APEX still possible or has it ended on December 31 2015 ?

If you installed the activation-key / license for 50 Apex then you are licensed for 50 Apex users. 

Does it means that I cannot have more then 50 active anyconnect users at the same time ? if so why in the activation-key sent by Cisco I have 750 AnyConnect Premium Peers (which is the ASA 5520 limit) ?

0 Helpful

Go to solution
giuseppe parlato
Level 1
Level 1
In response to giuseppe parlato

‎02-10-2016 07:51 AM

Based on the ordering guide :

"The number of licenses needed is based on all the possible unique users that may use any Cisco AnyConnect service. The exact number of Plus or Apex licenses should be based on the total number of unique users that require the specific services associated with each license type."

I think it means that new APEX license is no longer of concurrent users but to all potential users of the AnyConnect service.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to giuseppe parlato

‎02-10-2016 07:54 AM

You're welcome.

The old activation key is tied to the serial number of the ASA it was issued for and is not transferable. (Cisco will override that policy in the case of a failed unit being RMAd.)

You can have more than 50 users active but you would technically be in violation of the terms of your license. However, there's no technical enforcement of that at this time with AnyConnect 4.x licenses (Apex or Plus).

Technically the users licensed are unique userids (not concurrent users). The way Cisco explains it is if you have a given user with PC and tablet both on VPN then that uses only one license. However they haven't figured out how to differentiate that for enforcement purposes yet while maintaining compatibility with the old license types in the same code so they just open it up to the max the hardware supports when you activate a new style license.

0 Helpful
Customers Also Viewed These Support Documents