cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16658
Views
10
Helpful
27
Replies

AnyConnect Essentials is disabled

Rodrigo Fialho
Level 1
Level 1

Cisco ASA is with AnyConnect Essentials feature disabled now, before it has had AnyConnect Essentials 10000.

Firewall-1/act# show activation-key detail
Serial Number: JADXXXXXXXX
Running Permanent Activation Key: 0xb91cf171 0xf88133ac 0xf8639558 0x87f42c04 0x801423b0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.

Running Permanent Activation Key: 0xb91cf171 0xf88133ac 0xf8639558 0x87f42c04 0x801423b0

Licensed permanent key features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual

The flash permanent activation key is the SAME as the running permanent key.

Has someone ever had this problem?

27 Replies 27

Hi,

Another important thing which i noticed.

FW(config-webvpn)# anyconnect-essentials
ERROR: Command requires AnyConnect Essentials license
FW(config-webvpn)#

Yes - that is what we would see if the activation key was not correctly generated or installed. We cannot troubleshoot that in this online forum.

A TAC engineer or licensing specialist will be able to validate your key vs. the order and their internal fulfillment system.

Thanks Marvin.

I will open a TAC case and will let the audience know about whats happening.

Hello,

Did you get any reply from TAC?

Hi Rodrigo,

Yes i got this from them:

It it not required for the essentials to be shown as enabled. That output can be disregarded.

I configured Any connect and i could connect via VPN, get the IP Address from the pool. So its working fine. But i cannot connect to any of LAN IP.  address. This should be because of below and i could get you guys advise for that.

1) My VPN pool is in the same subnet as my LAN IP. So how do i create a NAT exempt for that.

2) I read somewhere to put the below command.Is that needed? from my got from google it shouldn't hamper my running IPSEC vpn but just want to be sure

sysopt connection permit-vpn

Thank you in advance.

Regards

Vaibhav

Hi Marvin,

In the mean time i get info from TAC, i just configured any connect VPN and i could get it working.I was able to log in to my office vpn , although no access worked but i think that was because of inproper config but does that mean by license is working.

It will use the 2 premium licenses that are included by default.

Hi Marvin,

Can you please help in below:

I configured Any connect and i could connect via VPN, get the IP Address from the pool. So its working fine. But i cannot connect to any of LAN IP.  address. This should be because of below and i could get you guys advise for that.

Once i am connected, i can even ping the remote server through an IPSEC VPN which is there on the firewall.

1) My VPN pool is in the same subnet as my LAN IP. So how do i create a NAT exempt for that.

2) I read somewhere to put the below command.Is that needed? from my got from google it shouldn't hamper my running IPSEC vpn but just want to be sure

sysopt connection permit-vpn

Thank you in advance.

Regards

Vaibhav

Hi Marvin,

I received a PAK which i used to get a activation key. The email for the activation key included below:

It says anyconnect essentials disabled. My another concern is that would this cause an issue in what i am trying to achieve. I want to use this for Cisco Jabber over VPN and i am no where close to it.

Any help would be highly appreciated.

Regards

Vaibhav

I do believe there is no incompatibility issue.

So my anyconnect vpn is working only for 2 peers:

AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.

As my Anyconnect Essentials license is disabled, then my Anyconnect Premium license is enabled and working as can be seen above.

Before my Anyconnect Essentials license was working fine and normal. It was seen as enabled, it stopped working alone and began be seen as disabled. A thing very odd because my Anyconnect Essentials lisence is for 10.000 peers and perpetual.

As mentioned before by Marvin "I'd open a TAC case - ask for them to direct it to the licensing team."

I have the same problem. I'm going to try to manually enable it.

niemmanu
Cisco Employee
Cisco Employee

Hi,

Can you check if you have an old show tech to confirm whether the Anyconnect Essentials license was perpetual or was it time based.

The license could have been time based and time might have expired and hence it is disabled now.

Regards,

Nitish Emmanuel

Output show version older:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 10000          perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.

Output show version newer:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual            
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
10GE I/O                          : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.

Before it was as perpetual.