08-27-2019 08:32 AM - edited 02-21-2020 09:44 PM
Dear Team,
We have two Cisco ASAs connected in ACTIVE-STANDBY setup. I wanted to configure ANYCONNECT VPN and purchased an ANYCONNECT license from Cisco through our partner company.
When I tried registering the license and sharing it with the other ASA on the Cisco website, I wasn't able to do it.
I logged a ticket with Cisco licensing team and they told me that I need to purchase a PLUS or APEX license.
So, I request your suggestions with this case... as every other person is giving me different answers.
This is the license I have currently.
L-AC-VPNO-25= | Cisco AnyConnect VPN Only, 25 Simultaneous (eDelivery) |
Thank you.
08-27-2019 07:29 PM
The Cisco Licensing team is correct.
When you purchase the VPN Only license that you mentioned, it is per unique device. Plus or Apex licenses are per unique user and may be shared across appliances.
This limitation is confirmed in the AnyConnect licensing FAQ here:
08-27-2019 07:55 PM - edited 08-27-2019 07:56 PM
Hi Marvin,
Thank you very much for your response. I read through the document and as it says that if I have an Active/Standby ASA setup, I can just install the single license I have into the Active ASA and the VPN works even during a failover situation?
Please do let me know.. and thanks in advance..
08-27-2019 08:35 PM
Yes, AnyConnect VPN will continue to work for a while when/if the Primary-Active unit where the VPN Only license was installed becomes Standby for whatever reason. The Secondary unit will not be directly licensed per se but as long as it can communicate with the licensed member of the HA pair it will continue to work.
If the Primary-Standby licensed member has failed altogether and cannot communicate with the Secondary-Active, the secondary unit will stop providing AnyConnect VPN after 30 days.
If you have RMA'd the primary unit with Cisco, they will re-issue a VPN only license for use with the replacement hardware.
See also
https://community.cisco.com/t5/firewalls/anyconnect-license-in-ha-pair-confusion/td-p/3010642
08-28-2019 08:02 AM
Thank you very much for your response. Appreciate it.