05-30-2012 08:03 AM - edited 02-21-2020 06:06 PM
09-02-2015 09:28 AM
Hello!
I want to deploy a cluster of two Cisco ASA 5555-X. The cluster must accept up to 2500 connections for IPSec VPN, SSL VPN and Web (clientless) VPN clients.
For the first ASA in cluster I want to purchase the following licences:
1. ASA-VPNS-2500 - Premium Shared VPN Server License - 2500 users
2. ASA-VPNP-5555 - Premium Shared VPN Participant License - ASA 5555-X
For the second ASA in cluster I want to purchase the following license:
1. ASA-VPNP-5555 - Premium Shared VPN Participant License - ASA 5555-X
Tell me, please, are these licenses enough for the above-mentioned requirements?
Thank you in advance for the answer.
09-02-2015 09:37 AM
The old license types are now end of sales.
See this announcement which confirms the last possible order date for them was 31 August 2015.
Going forward you would order AnyConnect 4.x licenses - Apex type is equivalent to the old Premium licenses. You no longer need to order the VPN Shared Server and Participant license types as you are licensed per unique user and the activation-keys can be generated for multiple ASA serial numbers - whether they are in HA, cluster or totally separate modes.
So you would need 2500 Apex licenses. They are term-based, so you need to decide on a 1-, 3- or 5-year term and order accordingly.
09-03-2015 03:36 AM
Hello, Marvin!
Thanks for the link to the AnyConnect ordering guide. Everything there is described clearly enough.
If it is possible, one more question. Here is the quote from the ordering guide:
"Apex and Plus licenses can be mixed in the same environment".
Do I understand correctly that if, for example, it is necessary to provide connection to a cluster of 100 SSL VPN users and 100 Web VPN users, I have to order, for each device in the cluster, 100 AnyConnect Plus licenses and 100 AnyConnect Apex licenses?
Thanks.
06-25-2014 05:36 AM
Hello Marvin,
I have an ASA5510 with v8.2 with base lic, which says "IPsec VPN Peers = 250".
Does "IPsec VPN Peers" mean "both site-to-site and remote access IPSec VPN client" or does it mean only site-to-site VPN?
If I want the users to connect using the AnyConnect client, do I need to buy an extra lic or will it be utilized from =250?
If I have two Cisco ASA 5510 in HA with Security Plus lic, and one of the ASAs has the L-ASA-SSL-250 lic installed in it, do I need to buy L-ASA-SSL-250 for the other fail-over device, or is it not required, as after fail-over the primary lic will be transferred to the secondary unit?
Thanks in advance,
acm
06-25-2014 08:02 AM
@acm,
"IPsec VPN peers" means as you noted in your question. It does not include AnyConnect client-based remote access VPN (either SSL or IPsec IKEv2 mode).
In an HA pair, the L-ASA-SSL-250 license is only required on one member (as of ASA 8.3 or later).
06-25-2014 11:04 PM
@Marvin,
Thank you for the help. A few queries though.
Please find my current ASA details in brackets:
[System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ASA up 53 mins 32 secs
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB]
1] I have ASA v8.2 - will I need 2 nos. of L-ASA-SSL-250 in the HA pair?
2] Should I upgrade my ASA from v8.2 to v8.3 and then buy 1 qty. of L-ASA-SSL-250? What do you suggest?
3] While upgrading my ASA from v8.2 to v8.3 (or later), will I need to upgrade my ASA RAM/FLASH? Kindly go through my ASA HW details above.
Thanks in advance,
acm
06-26-2014 11:54 AM
You're welcome.
1. If you wanted to stay with 8.2 then yes you would need identical licenses purchased separately on both units.
2. I would suggest upgrading. I would skip 8.3(x) altogether. 8.4(7) or 9.0(3) are the currently recommended "most stable" releases for that platform. Reference.
3. An ASA 5510 with 1 GB of RAM can run the later versions of software (8.3 all the way through 9.1(5) - 9.2+ is not being developed for the older non-SMP hardware except the 5505). Reference.
One question - if you're adding a second 5510 is it one you have on hand already? I ask because those were end of sales since last year.
06-26-2014 10:05 PM
Hello Marvin
Yes, you are correct. We have a second ASA5510 in our stock.
Thanks again for your great help.
regards,
acm
06-27-2014 07:40 AM
You're welcome. Thanks for the ratings.
08-18-2014 08:25 PM
Hello friends!
Please allow me to resurrect this old post.
Marvin, would you please explain what the ASA-ADV-END-SEC license is used for? Also, what is the ASA5505-SEC-PL license used for?
Regards!
Alex
08-21-2014 06:38 AM
Alex,
ASA-ADV-END-SEC is used to enable the Advanced Endpoint Assessment feature. AEA allows one to inspect clients for many features and even direct them with remediation messages etc. to validate compliance with standards (OS type, patch level, antivirus status, etc.) prior to allowing network access.
SEC-PL is Security Plus and allows several things such as high availability setup etc. on an ASA-5505. The 5510 and 5512-X have an equivalent offering. All higher models have the abilities built in to their base licenses.