
AnyConnect Licensing

quacktacular
Level 1

Hey there!

I'm about to roll out AnyConnect VPN on an ASA 5515x, but I need some help to figure out the licensing requirements before I move forward.

We have just over a hundred employees that would theoretically have access to the VPN using their RADIUS credentials. The setup is working fine over AnyConnect, but I just have the base license, only up to 2 users at a time (and not on iOS or Android).

Of our employees we would only ever have 25 connected concurrently. Of the 100 I imagine only 50 would ever actually use VPN.

So do I need to buy an AnyConnect license based on the possible users? Or the number that would connect at one time? Or the likely number that would use the VPN service? Can I add more later if needed? If an employee leaves can I recover their "seat"?

Thanks so much for your insight!

Accepted Solutions

Philip D'Ath
VIP Alumni

You need a licence for each user, regardless of how many concurrent connections there are. So you need 100 licences.

Got it, thank you! Follow-up question: if I offboard employees (and they no longer have access to the VPN), can I use their slots for new employees' VPN? So I have 100 employees, 10 leave, we hire 10 more and still have 100 net users. Would I have to tell Cisco or does the ASA treat this as an honour system?

How is this being monitored?

We are looking at Cisco AnyConnect as a solution for our supplier to do remote support on our systems.

We also want to use this as an option for "knowledge workers" that need access to internal systems.

Since we will never be able to control how the software is used/installed on external suppliers, it is a bit hard to follow the license policy described here.

I would expect this to be monitored as concurrent users or some unique user SID number on the ASA?

I mean we have 20000 users but this will only be an option for maybe 500.

What about using the IOS version? How is that being treated? We want to offer a BYOD solution built on AnyConnect and ISE profiling devices.

We can always count and monitor the users that will be using this, either on ISE or by creating an OU on AD only for the users being allowed to use AnyConnect. But control of the number of PCs with the software will be an impossible task.

Thanks.

John G.

While the software is licensed by "unique users", Cisco (ASA or IOS) does not keep track of the unique users once you have installed a non-default AnyConnect license (e.g., beyond the default 2 on ASA).