Firewall-1#show run | i

Rodrigo Fialho · ‎09-14-2016

Cisco ASA is with AnyConnect Essentials feature disabled now, before it has had AnyConnect Essentials 10000.

Firewall-1/act# show activation-key detail
Serial Number: JADXXXXXXXX
Running Permanent Activation Key: 0xb91cf171 0xf88133ac 0xf8639558 0x87f42c04 0x801423b0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.

Running Permanent Activation Key: 0xb91cf171 0xf88133ac 0xf8639558 0x87f42c04 0x801423b0

Licensed permanent key features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual

The flash permanent activation key is the SAME as the running permanent key.

Has someone ever had this problem?

pjain2 · ‎09-15-2016

were there any changes made to the ASA? was it reloaded?

Rodrigo Fialho · ‎09-15-2016

There weren't any changes, it wasn't reloaded.

Marvin Rhoads · ‎09-15-2016

Please check and share output of:

show run | i anyconnect

Rodrigo Fialho · ‎09-15-2016

Firewall-1#show run | i anyconnect
anyconnect image disk0:/anyconnect-win-4.2.01035-k9.pkg 1 regex "Windows"
anyconnect image disk0:/anyconnect-macosx-i386-4.2.01035-k9.pkg 2 regex "MacOS"
anyconnect image disk0:/anyconnect-linux-64-4.2.01035-k9.pkg 3 regex "Linux"
anyconnect enable

Marvin Rhoads · ‎09-15-2016

Hmm. AnyConnect Essentials is supposed to be enabled by default. What happens if you try to manually enable it?

ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# anyconnect-essentials

The only other thing I can think of is if you were using shared license among an HA pair and the primary failed and was not brought back online or was replaced with an RMA unit without the requisite license.

If neither of those work, I'd open a TAC case. The licensing team can check your serial numbers for issued license history.

Rodrigo Fialho · ‎09-16-2016

ASA has replied so:

Firewall-1(config-webvpn)# anyconnect-essentials
ERROR: Command requires AnyConnect Essentials license
Firewall-1(config-webvpn)# anyconnect-essentials /n
Firewall-1(config-webvpn)# anyconnect-essentials /noconfirm
ERROR: Command requires AnyConnect Essentials license
Firewall-1(config-webvpn)#

Marvin Rhoads · ‎09-16-2016

Very odd.

I'd open a TAC case - ask for them to direct it to the licensing team.

vaibhav58 · ‎12-08-2016

Hi Marvin,

The license issues seems fine now.

The issue which i have is i cannot ping/connect to my internal LAN as my VPN pool is same as my LAN subnet. What extra configuration is required on ASA.

Current Scenario:

LAN : 192.168.0.1 /24

VPN : 192.168.0.185 - 192.168.0.210

Default route to ISP

default NAT to ISP .,

Do i need to create a NAT exempt so that to access LAN?If yes , how?

Regards

Vaibhav

vaibhav58 · ‎10-09-2016

Hi Marvin,

I just bought a any connect plus term license but i am seeing any connect essentials as disabled. Do we need to do any configuration to make it get enabled.

I want to use it for cisco jabber over vpn.

Current output

AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Enabled

Regards

Vaibhav

Marvin Rhoads · ‎10-10-2016

vaibhav58,

Did you redeem the PAK and apply the activation key?

vaibhav58 · ‎10-10-2016

Hi Marvin,

Yes i did that. after applying the other things were seen enabled but essential was seen disabled.

I read somewhere that this is seen as disabled but it works normally.Is it right?

Regards

Vaibhav

Rodrigo Fialho · ‎10-10-2016

Hi,

I'm facing the same issue. It is being seen as disabled and it doesn't work.

Regards!!!

vaibhav58 · ‎10-10-2016

Hi Rodrigo,

Does your any connect VPN work?

My concern is that my asa is 5505 running on 8.2(5) with any connect client package 2.5 . I think it might be some incompatibility issue.

Regards

Vaibhav

Marvin Rhoads · ‎10-10-2016

The client package should not affect enablement or disablement of the AnyConnect feature.

Your ASA software version 8.2(5) is compatible with AnyConnect Essentials but note that when you received your activation key, there should have been TWO keys provided. The email should have something like the following:

THE FOLLOWING ACTIVATION KEY IS VALID FOR:ALL ASA SOFTWARE RELEASES, BUT EXCLUDES ANY 8.2+ FEATURES FOR BACKWARDS COMPATIBILITY.

Platform = asa

<serial number>: <key>

Try to use the key that is recommended for older versions. If that fails, I'd open a TAC case and request assistance from Global Licensing team.

AnyConnect Essentials is disabled