Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1446
Views
0
Helpful
4
Replies

Anyconnect license for ASA5520

Go to solution
Syed Farhan Ali
Level 4
Level 4

‎02-10-2014 10:03 PM - edited ‎02-21-2020 07:29 PM

Dear Team,

Below is the configuration of one of our clients and they have requested for 50 Users Anyconnect License with software being installed on client.

**************************************************************************************************************************

ABC # sh ver

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 5.2(3)

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"

PSO-ASA up 110 days 22 hours
failover cluster up 110 days 22 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                              Boot microcode   : CN1000-MC-BOOT-2.00
                              SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
  0: Ext: GigabitEthernet0/0  : address is 001e.f760.a75c, irq 9
  1: Ext: GigabitEthernet0/1  : address is 001e.f760.a75d, irq 9
  2: Ext: GigabitEthernet0/2  : address is 001e.f760.a75e, irq 9
  3: Ext: GigabitEthernet0/3  : address is 001e.f760.a75f, irq 9
  4: Ext: Management0/0       : address is 001e.f760.a760, irq 11
  5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
  6: Int: Not used            : irq 5
  7: Ext: GigabitEthernet1/0  : address is 001e.f760.b729, irq 255
  8: Ext: GigabitEthernet1/1  : address is 001e.f760.b72a, irq 255
  9: Ext: GigabitEthernet1/2  : address is 001e.f760.b72b, irq 255
10: Ext: GigabitEthernet1/3  : address is 001e.f760.b72c, irq 255
11: Int: Internal-Data1/0    : address is 0000.0003.0002, irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1210L21K
Running Activation Key: 0x7c1f6a6e 0x44e5b71d 0xa8b04110 0x9e043c5c 0x0d329294
Configuration register is 0x1
Configuration last modified by enable_15 at 10:58:52.275 UTC Wed Dec 18 2013

****************************************************************************************************************************************

I have quoted them "L-ASA-SSL-50=" but confused about the ASA Licensing.

Please let me know if this is the right one or I have to quote something else?

Kindly let me know if we need to purchase client software for client based SSL VPN?

Regards,

Farhan.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Javier Portuguez

‎02-24-2014 10:02 AM

If Farhan's user is asking for the 50 license then I believe this is a pretty clear indication that they are interested in the premium license because on this 5520 the Essentials license would give them the full number of VPN connections that the platform supports (750 for the 5520).

Perhaps Farhan might want to talk with the user about whether the Essentials license would give them what they want. If so the Essentials license is much lower price than the Premium license. What you get with the Premium license that you do not get with the Essentials license is support for clientless VPN, and support for things like remote assessment. But for regular client based VPN access the Essentials license is frequently good enough.

Also note that these licenses give users access when using regular PC platforms. If you want users to access using mobile devices like smart phones then you will also need the AnyConnecct for Mobile license.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to Richard Burts

‎02-24-2014 10:07 AM

Hi Richard,

I agree with you

Just wanted to make sure I provide the more information so he can double check it and make sure it meets his requirements.

I think the next step is to ask the user and clarify the required access method (Clientless or AnyConnect standalone).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Syed Farhan Ali
Level 4
Level 4

‎02-24-2014 03:43 AM

Dear Support Techies,

Waiting for a response.

Regards,

Farhan.

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to Syed Farhan Ali

‎02-24-2014 06:57 AM

Syed,

As per the "show version" output:

SSL VPN Peers                  : 2

Total VPN Peers                : 750

Shared License                 : Disabled

AnyConnect for Mobile          : Disabled

AnyConnect for Cisco VPN Phone : Disabled

AnyConnect Essentials          : Disabled

Do you need AnyConnect Essentials or Premium?

Check:

AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 3.1

Cisco AnyConnect Secure Mobility Client Licensing Options

Table 2 lists licensing options for the Cisco AnyConnect Secure Mobility Client.

Table 2. Cisco AnyConnect Secure Mobility Client Licensing Options

License Requirements (each license below is required)

Description

Cisco ASA Platform License

Cisco AnyConnect Essentials[2] (P/N: (L-ASA-AC-E-55**=) 05, 10, 20, 40, 50,80, 85)

• Highly secure remote-access connectivity

• Single license per ASA device model (not a per user license); enables maximum simultaneous users on platform

• Full-tunneling access to enterprise applications

Cisco AnyConnect Premium[3] (P/N: (L-ASA-SSL-***=) 10, 25, 50, 100, 250, 500, 1000, 2500, 5000, 10,000

• Also provides support for clientless SSL VPN and capabilities available on desktop AnyConnect platforms including Cisco Secure Desktop HostScan and always-on VPN connectivity

• License is based on number of simultaneous users, and is available as a single device or shared license (part number above is for a single device license)

Cisco AnyConnect Mobile License5

P/N: (L-ASA-AC-M-55*=)
05, 10, 20, 40, 50,80, 85

• Enables Mobile OS platform compatibility

• Single license per ASA device model (not a per user license) is required in addition to Essentials or Premium licenses

Cisco AnyConnect Secure Mobility Client Licensing Options

Let me know if you have any further questions.

HTH.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Javier Portuguez

‎02-24-2014 10:02 AM

If Farhan's user is asking for the 50 license then I believe this is a pretty clear indication that they are interested in the premium license because on this 5520 the Essentials license would give them the full number of VPN connections that the platform supports (750 for the 5520).

Perhaps Farhan might want to talk with the user about whether the Essentials license would give them what they want. If so the Essentials license is much lower price than the Premium license. What you get with the Premium license that you do not get with the Essentials license is support for clientless VPN, and support for things like remote assessment. But for regular client based VPN access the Essentials license is frequently good enough.

Also note that these licenses give users access when using regular PC platforms. If you want users to access using mobile devices like smart phones then you will also need the AnyConnecct for Mobile license.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to Richard Burts

‎02-24-2014 10:07 AM

Hi Richard,

I agree with you

Just wanted to make sure I provide the more information so he can double check it and make sure it meets his requirements.

I think the next step is to ask the user and clarify the required access method (Clientless or AnyConnect standalone).

0 Helpful
Customers Also Viewed These Support Documents