03-11-2015 07:19 AM - edited 02-21-2020 08:07 PM
Hi,
I'm a little bit confused what's the maximum number of Anyconnect VPN user session on 5506.
There are two values at Maximum Cisco AnyConnect® or Clientless VPN User Sessions (AnyConnect/Apex license required): 2/50 (without and with security plus).
And the comment below the table: Requires AnyConnect Plus/Apex license. Apex license required for clientless VPN. See the AnyConnect Ordering Guide for details. Maximum users may be further limited by your throughput requirements.
I have ASA5506 with security plus and there are 4 Anyconnect premium peers included by default. I can extend it to 50 peers, no doubt about that.
But I'm wondering about ASA5506-X without security plus license: are there only 2 Anyconnect premium peers included by default?
And the second question: if I purchase anyconnect license (let's say anyconnect plus for 50 users) would I be able to connect 2 or 50 simoultaneous users?
03-12-2015 09:21 PM
Hi Jernej,
My understanding of the license is default 2, max with purchased license is 50(with security plus license). By default, the 2 premium license will be gone once you activate either a AnyConnect Plus or Apex license. If you have security plus, it gives you a default 4 sessions instead of 2 but the same condition should apply once you have Plus or Apex installed.
I found this link and looks like it will answer all of your questions:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-license.html#20490
In the new AnyConnect licensing model, you can run Plus and Apex concurrently unlike the old Essential/Premium. Ultimately, the max session is driven by the capacity of the unit so it is just a number game how you want to distribute Plus/Apex if you choose to mix them.
Hope this helps!
03-13-2015 12:07 AM
Hi Paul,
thanks for this.
Regarding to this document it seems maximum 10 anyconnect clients are supported on ASA5506-X without security plus license - even if one purchases Anyconnect Plus license for 25 users or more.
Can someone from BU confirm it please, just to be sure?
05-21-2015 07:43 AM
Hi Jernej,
Were you able to check the Anyconnect users limit from your question?
I also would like to know what licenses are needed to support numbers of SSL VPN users on 5506-X.
BR
05-21-2015 12:05 PM
Hi, I have appliance with base and appliance with security plus license on my table. I'll make a test tomorrow and let you know.
05-22-2015 12:40 AM
Great, thank you! I will be waiting.
Please include information about what AnyConnect License you have (Plus or Apex) and ASA SW version. From what I see there are differences with licensing between 9.3 and 9.4.
05-23-2015 08:28 AM
Hi, I've found the following
1. ASA with security plus license and 25 APEX licenses installed
a) SW 9.3
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
b) SW 9.4
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
So the upper limit is 50 VPN tunnels (IPSEC+APEX).
2. ASA without security plus license
a) without APEX, SW 9.3
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
b) with APEX 25, SW 9.3
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 35 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
c) with APEX, SW 9.4
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 35 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Without additional anyconnect license you have 2 premium licenses installed by default + you can establish additional 10 IPSEC tunnels.
If you install Anyconnect license additionally you still can establish 10 IPSEC tunnels + max 40 SSL VPN tunnels (I assume that based on 50 VPN tunnels limitations with security plus license).
So I would say if you use 9.3 or 9.4 version nothing changes - what information you have regarding differences with licensing between 9.3 and 9.4?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide