Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
5
Replies

AnyConnect VPN Sessions limited to 4

Go to solution
goc.dhitelecom
Level 1
Level 1

‎06-03-2019 11:17 AM

Hello All, 

 

I need help with the issue i have, i have a VPN Anyconnect Premium license with 2500 session installed, but only 4 can connect at the same time.  The ASAs in HA mode.

 

 

sh activation-key
Serial Number: XXXXXXXX
Running Permanent Activation Key: XXXXXXX XXXXXX XXXXXX XXXXXX XXXXXXX

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

This platform has an ASA5545 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 4 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2500 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 4 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA5545 VPN Premium license.

The flash permanent activation key is the SAME as the running permanent key.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
goc.dhitelecom
Level 1
Level 1
In response to goc.dhitelecom

‎06-04-2019 11:41 AM

I opened a ticket with Cisco TAC, they recommended the following command:

 

 - vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2500

 

the issue seems to be resolved so far, i have more than 4 people connected already. 

BEFORE:

XXXXXXX# sh vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                                      Status :     Capacity : Installed  :    Limit
--------------------------------------------------------------------
AnyConnect Premium :                 ENABLED :   2500     :   2500     :   4
AnyConnect Essentials :                DISABLED :  2500     :   0           :   4
Other VPN (Available by Default) : ENABLED :   2500     :   2500     :   2500
Shared License Server :                DISABLED
Shared License Participant :          DISABLED
AnyConnect for Mobile :                ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment :  ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : ENABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED

 

AFTER:

XXXXXXX# sh vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                                      Status :     Capacity : Installed  :    Limit
--------------------------------------------------------------------
AnyConnect Premium :                 ENABLED :   2500     :   2500     :   2500
AnyConnect Essentials :                DISABLED :  2500     :   0           :   2500
Other VPN (Available by Default) : ENABLED :   2500     :   2500     :   2500
Shared License Server :                DISABLED
Shared License Participant :          DISABLED
AnyConnect for Mobile :                ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment :  ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : ENABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2019 09:11 PM

What version of software are you running?

0 Helpful

Go to solution
goc.dhitelecom
Level 1
Level 1
In response to Marvin Rhoads

‎06-04-2019 07:28 AM

Hi Marvin,

 

I'm Running Software Version 9.10(1). 

 

Thanks

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to goc.dhitelecom

‎06-04-2019 07:47 AM

Is your failover pair operating normally? If so - and if either unit has had the PAK applied - the pair should synchronize the licenses across them.

Your output is odd in showing only the 4 licenses on the active unit yet the full licensed number for the failover pair.

There was this recent bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp78232

But it shouldn't affect 9.10(1).

You aren't running multiple contexts are you?

0 Helpful

Go to solution
goc.dhitelecom
Level 1
Level 1
In response to Marvin Rhoads

‎06-04-2019 07:54 AM

Marvin, 

 

The Failover is operating normally, and i have the PAK applied and its been running normally for the past 2 years, i still have 1 more year before the license expires. as for the Context, i'm not running any. 

 

Thanks

AJ

0 Helpful

Go to solution
goc.dhitelecom
Level 1
Level 1
In response to goc.dhitelecom

‎06-04-2019 11:41 AM

I opened a ticket with Cisco TAC, they recommended the following command:

 

 - vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2500

 

the issue seems to be resolved so far, i have more than 4 people connected already. 

BEFORE:

XXXXXXX# sh vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                                      Status :     Capacity : Installed  :    Limit
--------------------------------------------------------------------
AnyConnect Premium :                 ENABLED :   2500     :   2500     :   4
AnyConnect Essentials :                DISABLED :  2500     :   0           :   4
Other VPN (Available by Default) : ENABLED :   2500     :   2500     :   2500
Shared License Server :                DISABLED
Shared License Participant :          DISABLED
AnyConnect for Mobile :                ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment :  ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : ENABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED

 

AFTER:

XXXXXXX# sh vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                                      Status :     Capacity : Installed  :    Limit
--------------------------------------------------------------------
AnyConnect Premium :                 ENABLED :   2500     :   2500     :   2500
AnyConnect Essentials :                DISABLED :  2500     :   0           :   2500
Other VPN (Available by Default) : ENABLED :   2500     :   2500     :   2500
Shared License Server :                DISABLED
Shared License Participant :          DISABLED
AnyConnect for Mobile :                ENABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment :  ENABLED(Requires Premium)
AnyConnect for Cisco VPN Phone : ENABLED
VPN-3DES-AES : ENABLED
VPN-DES : ENABLED

0 Helpful
Customers Also Viewed These Support Documents