Solved: anyconnect for mobile VPN ASA5520-SSL500-K9

Ivan Levadnyi · ‎07-24-2012

Hellow everyone.

I have VPN ASA5520-SSL500-K9.

About:

This platform has an ASA 5520 VPN Plus license.

VPN Peers : 750

AnyConnect for Mobile : Disabled

I need to know which type of license shoud I buy to activate AnyConnect for mobile devices (android, iphone, etc)?

Th's.

Jennifer Halim · ‎07-25-2012

For mobile, license should be ASA-AC-M-5520=

You don't need AnyConnect Essential or premium anymore since you already have 500 AnyConnect premium license as per your output earlier.

View solution in original post

Jennifer Halim · ‎07-25-2012

Ahh, if it's failover pair, then ensure that you have 2 activation keys, one for each ASA.

Enter the activation key on the ASA, and click enter at the same time to apply the activation key.

If you don't apply it at the same time, it will disable the failover as failover requires exactly the same license on both ASA on version 8.0.4

View solution in original post

Jennifer Halim · ‎07-24-2012

Here is the part# for AnyConnect Mobile:

AnyConnect Mobile-ASA 5520 (req. Essentials or Premium)

ASA-AC-M-5520=

Ivan Levadnyi · ‎07-24-2012

I'm little confuse.

What type of licence shoud I buy?

L-ASA-AC-E-5520=

AnyConnect Essentials VPN License - ASA 5520 (750 Users)

Or

ASA-AC-M-5520=

AnyConnect Mobile - ASA 5520 (req. Essentials or Premium)

Th’s a lot!

Sorry for the stupid question.

Jennifer Halim · ‎07-25-2012

For mobile, license should be ASA-AC-M-5520=

You don't need AnyConnect Essential or premium anymore since you already have 500 AnyConnect premium license as per your output earlier.

Ivan Levadnyi · ‎07-25-2012

Th's.

I thought so

Jennifer Halim · ‎07-25-2012

pls kindly mark your question answered so others can learn from your post. Thank you.

Ivan Levadnyi · ‎07-25-2012

Halim, pl's say.

What is step by step instruction to install license in production network.

Are there any additional requirements, such as their version of asa821-k8.bin or higher, for example use only asdm-621.bin?

I mean:

need to buy licence, than I open my asdm go to licensing=>activation key=> enter the license key (which I will buy)=>

than restrart vpn

That's all?

Can you help with this?

I apologize that might take away from you time wasting

I want to know all the details that would be the introduction to the network, all was ok.

Jennifer Halim · ‎07-25-2012

Here is the requirement for Android mobile:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac10_admin_mobile_android.html

And here is for Apple mobile:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/release/notes/rn-ac2.5-iOS.html#wp1132648

So it requires version 8.0.4 or higher.

If you just have a single ASA, not in failover pair, then your step is correct, buy license --> get the activation key --> apply the activation key to the ASA, and if you check "show version", it should have the AnyConnect for Mobile: Enabled.

Ivan Levadnyi · ‎07-25-2012

I have

ASA version 8.0(4)

ASDM version 6.1.(5)

2 device in failover pair

Jennifer Halim · ‎07-25-2012

Ahh, if it's failover pair, then ensure that you have 2 activation keys, one for each ASA.

Enter the activation key on the ASA, and click enter at the same time to apply the activation key.

If you don't apply it at the same time, it will disable the failover as failover requires exactly the same license on both ASA on version 8.0.4

Ivan Levadnyi · ‎07-26-2012

Did you do this before?

In practice (production), you do it?

With your words get the following:

I went over to the asdm ASA1 active and ASA2 standby the same time.

Buy 2 licenses mobile.

At the same time click on the 1st and the 2nd ASA activate the license.

That's it?

P.S. Just when I'm doing manipulations with active, all information is instantly duplicated on the standby. I have no doubt that it will work.

Since I do not have to test the possibilities, it is alarming.

That's why I ask the did you do this before?

Th's a lot.

Jennifer Halim · ‎07-26-2012

Yup, did that before successfully.

The activation key does not get replicated to the standby ASA.

Ivan Levadnyi · ‎07-26-2012

Cool

I have correctly described the action?

You clicked on standby ASA first, then active ASA second activate licence?

Th's.

Ivan Levadnyi · ‎07-31-2012

Halim, could you answer the question?

Th's.

Jennifer Halim · ‎08-03-2012

Enter the activation key on both ASA, then if you use ASDM, send the command at the same time (or click Enter on one ASA then immediately on the other ASA). Basically sending the command to both ASA at more or less the same time.