Showing results for 
Search instead for 
Did you mean: 
Hall of Fame Guru

The old license types are now

The old license types are now end of sales.

See this announcement which confirms the last possible order date for them was 31 August 2015.

Going forward you would order AnyConnect 4.x licenses - Apex type is equivalent to the old Premium licenses. You no longer need to order the VPN Shared Server and Participant license types as you are licensed per unique user and the activation-keys can be generated for multiple ASA serial numbers - whether they are in HA, cluster or totally separate modes.

So you would need 2500 Apex licenses. They are term-based so you need to decide on 1- 3- or 5-year term and order accordingly.


Hello, Marvin!Thanks for the

Hello, Marvin!

Thanks for the link on Any Connect ordering guide. There everything is clearly described enough.

If it is possible, one more question. Here the quote from the ordering Guide:

"Apex and Plus licenses can be mixed in the same environment". 

I correctly understand that if, for example, it is necessary to provide connection to a cluster of 100 SSL VPN users and 100 Web VPN users , I have to order for the each device in cluster 100 of the licenses Any Connect Plus and 100 licenses Any Connect Apex.



Hello Marvin,I have ASA5510

Hello Marvin,

I have ASA5510 with v8.2 with base lic, which says " IPsec VPN Peers = 250".

Does "IPsec VPN Peers" means "both site-to-site and remote access IPSec VPN client" or does it mean only site-to-site vpn?

If I want the users to connect using Any-connect client, do i need to buy extra lic or it will be utilized from =250?

If I have two Cisco ASA 5510 in HA with Security Plus lic, and one of the ASA has L-ASA-SSL-250 lic installed in it, do i need to buy L-ASA-SSL-250 for the other fail-over device or its not required? as after fail-over primary lic will be transferred to secondary unit?

Thanks in advance,




Hall of Fame Guru

@acm,"IPsec VPN peers" means


"IPsec VPN peers" means as you noted in your question. It does not include AnyConnect client-based remote access VPN (either SSL or IPsec IKEv2 mode).

In an HA pair, the L-ASA-SSL-250 license is only required on one member (as of ASA 8.3 or later).


 @Marvin,Thank you for help..



Thank you for help.... few queries though,

Please find my current ASA details  in brackets:-

[System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ASA up 53 mins 32 secs

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB]

1] I have ASA v8.2 - will i need 2nos. of L-ASA-SSL-250 in HA pair?

2]Should i upgrade my ASA from v8.2 to v8.3 and then buy 1qty. of L-ASA-SSL-250 ? What do you suggest?

3]While upgrading my ASA from v8.2 to v8.3(or later) will I need to upgrade my ASA RAM/FLASH? Kindly go though my ASA HW details above.

thanks in advance,



Hall of Fame Guru

You're welcome.1. If you

You're welcome.

1. If you wanted to stay with 8.2 then yes you would need identical licenses purchased separately on both units.

2. I would suggest upgrading. I would skip 8.3(x) altogether. 8.4(7) or 9.0(3) are the currently recommend "most stable" releases for that platform. Reference.

3. An ASA 5510 with 1 GB of RAM can run the later versions of software (8.3 all the way through 9.1(5) - 9.2+ is not being developed for the older non-SMP hardware except the 5505). Reference.

One question - if you're adding a second 5510 is it one you have on hand already? I ask because those were end of sales since last year.


Hello MarvinYes, you are

Hello Marvin

Yes, you are correct. We have second ASA5510 in our stock.

Thanks again for your great help.



Hall of Fame Guru

You're welcome. Thanks for

You're welcome. Thanks for the ratings.


Hello friends!Please, allow

Hello friends!

Please, allow me to resurect this old post.

Marvin, would you please explain for what the ASA-ADV-END-SEC license is used for? Also for what is the ASA5505-SEC-PL license used for?



Hall of Fame Guru

Alex,ASA-ADV-END-SEC is used


ASA-ADV-END-SEC is used to enable the Advanced Endpoint Assessment feature.  AEA allows one to inspect clients for many features and even direct them with remediation messages etc. to validate compliance with standards (OS type, patch level, antivirus status,etc.) prior to allowing network access.

SEC-PL is Security Plus and allows several things such as high availability setup etc. on an ASA-5505. The 5510 and 5512-X have an equivalent offering. All higher models have the abilities built-in to their base licenses