05-18-2011 12:12 AM - edited 02-21-2020 05:21 PM
Hi,
we have ASA 5510 with IPS and base license. Now we need Anyconnect support for more than 2 users.
Is for Anyconnect (tunnel-mode) only the Anyconnect Essentials license enough? Do I need a license for SSL VPN peers?
What about Anyconnect clientless, I see that I need a premium license?
Is this one enough ASA5510-SSL50-K9? It is really expensive in comparison with Anyconnect Essentials.
Here is my sh ver output:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
Solved! Go to Solution.
05-18-2011 03:47 AM
Yes, AnyConnect Premium includes all the SSL features (this also includes the AnyConnect full tunnel mode - which is what AnyConnect Essential supports).
So if you purchase the 50 user license for AnyConnect Premium, you can have up to 50 concurrent SSL VPN connections, whether they are combination of all clientless, or combination of clientless and full tunnel, or just full tunnel. All with maximum of 50 concurrent SSL tunnels.
05-18-2011 12:23 AM
If you only need to run AnyConnect full tunnel mode, then AnyConnect Essential license is enough, and you can have up to 250 SSL concurrent connections.
However, if you need all the advance feature of AnyConnect (CSD, host scan, etc.), clientless SSL VPN as well as the AnyConnect full tunnel mode, then you would need to purchase AnyConnect premium license (and this is user base in the following increment: 10, 25, 50,100, 250).
And yes, AnyConnect Essential is considerably cheaper than AnyConnect Premium license.
Hope that answers your question.
05-18-2011 12:37 AM
So this does not mean that I need an adittional license in order to successfully use Anyconnect? I just buy Anyconnect Essentials, and I can have 250 simultaneous connections although in SH VER I have this:
sh ver
SSL VPN Peers : 2
Is this right that if I buy a Anyconnect Premium license for 50 users than the SSL VPN Peers number will change to 50?
Is this the right part number?
ASA5510-SSL50-K9
Sorry, I need to be 100% sure before I place an order. The licensing is a little bit confusing.
05-18-2011 12:54 AM
From the output of show version, I don't see that AnyConnect Essential license has been enabled:
AnyConnect Essentials : Disabled
You would need to get a new activation key to add the AnyConnect Essential feature enabled.
You can't have both AnyConnect Essential and AnyConnect Premium enabled on the same ASA. It will enable one and disable the other, so it can't be used at the same time.
Yes, if you buy ASA5510-SSL50-K9, and you already have AnyConnect Essential enabled on the ASA, when you enabled the ASA with the AnyConnect Premium, your AnyConnect Essential will get disabled. So it's one or the other, not both.
Question is:
- have you already purchased AnyConnect Essential? if you have, it doesn't seem to have been activated yet, as the show version output is showing AnyConnect Essentials as disabled.
- if you already purchased AnyConnect Essential, and you decide to purchase AnyConnect Premium with 50 users (ASA5510-SSL50-K9), then you can only turn on one or the other (not both at the same time).
05-18-2011 01:22 AM
No I have not purchased Anyconnect Essentials.
With Anyconnect Premium I will have the features that I get with Anyconnect Essentials too?
If I buy ASA5510-SSL50-K9 than I will be able to have in example 10 simultaneous Anyconnect sessions, and 20 Clientless sessions?
05-18-2011 03:10 AM
I found here that I get Essentials capabilites with the Premium license too.
05-18-2011 03:47 AM
Yes, AnyConnect Premium includes all the SSL features (this also includes the AnyConnect full tunnel mode - which is what AnyConnect Essential supports).
So if you purchase the 50 user license for AnyConnect Premium, you can have up to 50 concurrent SSL VPN connections, whether they are combination of all clientless, or combination of clientless and full tunnel, or just full tunnel. All with maximum of 50 concurrent SSL tunnels.
05-18-2011 03:53 AM
Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide