02-20-2011 03:12 PM - edited 02-21-2020 05:11 PM
If you have an ASA, with just the two built in full webvpn licenses, and like 100 anyconnect essential licenes, can the anyconnect client still be deployed via the web, or if those two full webvpn sessions are in use will it not allow login to the portal?
Solved! Go to Solution.
02-20-2011 03:58 PM
Correct, AnyConnect Essential and AnyConnect Premium can't coexist.
The whole point of AnyConnect Essential is the replacement for IPSec VPN Client as both are full tunnel mode, hence the license is cheaper than the AnyConnect Premium license.
02-20-2011 03:19 PM
If you just have the 2 default SSL license on your ASA, it will allow you to deploy all types of SSL VPN (AnyConnect full tunnel, WebVPN clientless as well as all the advanced SSL feature), and yes, you can deploy it via web as well. However, you can only have a maximum of 2 SSL sessions connected concurrently. When the third SSL session tries to connect, it will not allow you to connect.
However, if you have the 2 default SSL license, and you have also added AnyConnect Essential license which allows you to the maximum supported SSL full tunnel for the ASA model you have, the default 2 premium SSL license will be disabled. Once AnyConnect Essential license has been activated on the ASA, you can only connect AnyConnect full tunnel mode to the maximum supported on your ASA model (you no longer have accessed to the default 2 which supports AnyConnect full tunnel, WebVPN clientless and advanced SSL feature).
Hope that answers your question.
02-20-2011 03:22 PM
so that means the portal no longer functions period, and the client would have to be deployed directly to the machines(either via a web link, directly installed, etc)
02-20-2011 03:28 PM
No no, with AnyConnect essentials, the portal will still work, however, all it does is to download the AnyConnect package to user's machine when the user log in to the portal.
02-20-2011 03:51 PM
thanks. So just to confirm essentials cannot coesist will premium(IE say you have a 5510, you couldnt get 250 essentials and 10 premium.
02-20-2011 03:58 PM
Correct, AnyConnect Essential and AnyConnect Premium can't coexist.
The whole point of AnyConnect Essential is the replacement for IPSec VPN Client as both are full tunnel mode, hence the license is cheaper than the AnyConnect Premium license.
02-20-2011 04:31 PM
thanks. I definately get the point of it. I just could see cases where companies would want them to coexist. You have cleared up a lot thanks.
02-23-2013 09:38 AM
Hello
I am a little confused by what I am seeing
I had a Asa5510
V8.3.2
It had the default two ssl license allowing two VPN sessions for remote access
We added an anyconnect essentials
We are able to connect with two anyconnect clients but the third attempt alway fails
The asa error says
Session could not be established
Session limit of 2 reached
It's as if the anyconnect is trying to use SSL
I have not tried reloading the asa yet
Would that help.?
Licenses appear ok
Anyconnect I enabled
Total VPN peer 250
Ssl VPN peer 2
Thanks for any pointers
Dave
Sent from Cisco Technical Support iPad App
02-23-2013 04:28 PM
You would need to enable the AnyConnect Essential license on the ASA for it to take affect.
Commands:
webvpn
anyconnect-essentials
Command reference:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/a2.html#wp1721336
Please be advised that once you enable it, you will lose the 2 premium SSL VPN license.
Hope that helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide