cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2212
Views
0
Helpful
8
Replies
ryancolson
Beginner

anyconnect essentials web deployment

If you have an ASA, with just the two built in full webvpn licenses, and like 100 anyconnect essential licenes, can the anyconnect client still be deployed via the web, or if those two full webvpn sessions are in use will it not allow login to the portal?

1 ACCEPTED SOLUTION

Accepted Solutions

Correct, AnyConnect Essential and AnyConnect Premium can't coexist.

The whole point of AnyConnect Essential is the replacement for IPSec VPN Client as both are full tunnel mode, hence the license is cheaper than the AnyConnect Premium license.

View solution in original post

8 REPLIES 8
Jennifer Halim
Cisco Employee

If you just have the 2 default SSL license on your ASA, it will allow you to deploy all types of SSL VPN (AnyConnect full tunnel, WebVPN clientless as well as all the advanced SSL feature), and yes, you can deploy it via web as well. However, you can only have a maximum of 2 SSL sessions connected concurrently. When the third SSL session tries to connect, it will not allow you to connect.

However, if you have the 2 default SSL license, and you have also added AnyConnect Essential license which allows you to the maximum supported SSL full tunnel for the ASA model you have, the default 2 premium SSL license will be disabled. Once AnyConnect Essential license has been activated on the ASA, you can only connect AnyConnect full tunnel mode to the maximum supported on your ASA model (you no longer have accessed to the default 2 which supports AnyConnect full tunnel, WebVPN clientless and advanced SSL feature).

Hope that answers your question.

so that means the portal no longer functions period, and the client would have to be deployed directly to the machines(either via a web link, directly installed, etc)

No no, with AnyConnect essentials, the portal will still work, however, all it does is to download the AnyConnect package to user's machine when the user log in to the portal.

thanks.  So just to confirm essentials cannot coesist will premium(IE say you have a 5510, you couldnt get 250 essentials and 10 premium.

Correct, AnyConnect Essential and AnyConnect Premium can't coexist.

The whole point of AnyConnect Essential is the replacement for IPSec VPN Client as both are full tunnel mode, hence the license is cheaper than the AnyConnect Premium license.

View solution in original post

thanks.  I definately get the point of it.  I just could see cases where companies would want them to coexist.  You have cleared up a lot thanks.

DAVID THORNTON
Beginner

Hello

I am a little confused by what I am seeing

I had a Asa5510
V8.3.2

It had the default two ssl license allowing two VPN sessions for remote access

We added an anyconnect essentials

We are able to connect with two anyconnect clients but the third attempt alway fails

The asa error says

Session could not be established
Session limit of 2 reached

It's as if the anyconnect is trying to use SSL


I have not tried reloading the asa yet
Would that help.?

Licenses appear ok

Anyconnect I enabled
Total VPN peer 250
Ssl VPN peer 2


Thanks for any pointers
Dave
Sent from Cisco Technical Support iPad App

You would need to enable the AnyConnect Essential license on the ASA for it to take affect.

Commands:

webvpn

   anyconnect-essentials

Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/a2.html#wp1721336

Please be advised that once you enable it, you will lose the 2 premium SSL VPN license.

Hope that helps.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad