Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
0
Helpful
4
Replies

Anyconnect Premium ASA License reduced

Go to solution
arnav.prasad
Level 1
Level 1

‎11-09-2021 01:22 AM

We are encountering license issue on one of our firewalls after upgrading ASAv from IOS version 9.12(3)12 to 9.14(2)15

 

Before upgrade we had VPN License (Anyconnect Premium Peers) for 750 users, which got reduced to 250 users only after upgrade.

 

Before Upgrade:

License mode: AWS Licensing
License state: LICENSED

 

Licensed features for this platform:
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Standby
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 0
Carrier : Enabled
AnyConnect Premium Peers : 750
AnyConnect Essentials : Disabled
Other VPN Peers : 750
Total VPN Peers : 750
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 998
Botnet Traffic Filter : Enabled
Cluster : Disabled

 

After Upgrade:

 

License mode: AWS Licensing
License state: LICENSED

 

Licensed features for this platform:
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Active/Standby
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 0
Carrier : Enabled
AnyConnect Premium Peers : 250
AnyConnect Essentials : Disabled
Other VPN Peers : 250
Total VPN Peers : 250
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 500
Botnet Traffic Filter : Enabled
Cluster : Disabled

 

Can any help why it is reduced and how can we go back to 750 again.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
arnav.prasad
Level 1
Level 1
In response to Marvin Rhoads

‎11-11-2021 01:02 AM

On researching, it was found out to be a resource issue.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/asav/getting-started/asav-914-gsg/asav_intro.html#id_123423 

 

In Release notes of 9.14, it is written that instance memory should be more than 8GB to support 750 VPN licenses, otherwise it will get reduced to 250 licenses according to memory size of instance.

 

Solution:

Build a new instance we adequate memory to support 750 VPN licenses.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎11-09-2021 02:29 AM

Not sure whether you use PAK based on smart licensing. If smart licensing
try to readd the device. Otherwise, open a ticket with Cisco licensing.

**** please remember to rate useful posts
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎11-09-2021 09:16 AM

Did you change, perhaps by accident, from ASAv30 to ASAv10? The new values are exactly what to expect from ASAv10.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-09-2021 09:33 AM

I'm with @Karsten Iwen  on this one. Check your VM specs ("show vm" from the cli).

0 Helpful

Go to solution
arnav.prasad
Level 1
Level 1
In response to Marvin Rhoads

‎11-11-2021 01:02 AM

On researching, it was found out to be a resource issue.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/asav/getting-started/asav-914-gsg/asav_intro.html#id_123423 

 

In Release notes of 9.14, it is written that instance memory should be more than 8GB to support 750 VPN licenses, otherwise it will get reduced to 250 licenses according to memory size of instance.

 

Solution:

Build a new instance we adequate memory to support 750 VPN licenses.

0 Helpful
Customers Also Viewed These Support Documents