Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7915
Views
0
Helpful
1
Replies

AnyConnect Essentials and Premium Licensing

tonymitchell
Level 1
Level 1

‎01-23-2014 05:29 AM - edited ‎02-21-2020 07:27 PM

Hi,

We've had contradicting advice on AnyConnect licensing. We currently have two 5520 appliances in active/standby, each ASA had an AnyConnect Premium (50 peers) license installed, but following the (very sensible) change in 8.3 (I think), the total available premium peers is now 100, since we can now use both 50 packs across an active/standby cluster. We purchased these licenses specifically for using SSL WebVPN.

However, we also have the AnyConnect Essentials license installed, enabling us to use basic AnyConnect VPN functionality for the maximum 750 peers that 5520's support.

So, our licensing on the ASA looks like this...

Failover cluster licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 150            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

VPN-DES                           : Enabled        perpetual

VPN-3DES-AES                      : Enabled        perpetual

Security Contexts                 : 4              perpetual

GTP/GPRS                          : Disabled       perpetual

AnyConnect Premium Peers          : 100            perpetual

AnyConnect Essentials             : 750            perpetual

Other VPN Peers                   : 750            perpetual

Total VPN Peers                   : 750            perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Enabled        perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 4              perpetual

Total UC Proxy Sessions           : 4              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

We're now looking to replace the two 5520s with 5525s... and are preparing the costs for the new units, including licensing and SmartNet contracts. The conflicting advice is that we can't install both AnyConnect premium and essentials on the same failover pair (contrary to our current setup)...

Table 10

http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html

(The AnyConnect Essentials license cannot be active at the same time as the following licenses on a given ASA: AnyConnect Premium license (all types) or the Advanced Endpoint Assessment license.)

Two questions...

1) Is this correct?

2) If we purchased 100 AnyConnect premium licenses, but did not purchase an Essentials license... would the premium license still allow us to use AnyConnect basic VPN functionality for the maximum supported number of VPN peers for the 5525?

Thanks in advance

Tony

Labels:
0 Helpful
1 Reply 1

deyster94
Level 5
Level 5

‎01-23-2014 11:29 AM

I have not seen an ASA licensed with both Essentials and Premium at the same time.  From everything I have heard, it's one or the other.  I do know that if you get 100 licenses for premium, you will only have 100 Anyconnect connections to your ASA.  Essentials will not be enabled. 

Most of the clients we install ASA's for only get the Essentials license since either they have no reason for publishing apps (like you can do w/ Premium) or use another way to publish apps (like Citrix).

HTH,

Dan

0 Helpful
Customers Also Viewed These Support Documents