06-15-2015 11:01 AM - edited 02-21-2020 08:16 PM
I am just wondering if anyone can give me some insight on the new ASA VPN (SSL VPN) licensing structure. Currently, i have anyconnect premium license installed on the ASA 5500 series but would like to purchase the same type of license for the ASA 5500x series. I understand premium license is required for SSL VPN and webvpn. Can anyone fill me in if the anyconnect premium and the anyconnect essentials license has been replaced by the Cisco Anyconnect Apex license?
Solved! Go to Solution.
06-15-2015 12:13 PM
The new AnyConnect Apex maps to the old Premium licenses. They are now term-based (1, 3 5 year) and are licensed per unique user (no matter how many devices) vs. concurrent users on the old scheme.
Apex (or the old Premium) is required for clientless SSL VPN. Regular AnyConnect client-based SSL VPN does not require Apex but can be done using only Plus licenses.
The new AnyConnect Plus maps to the old Essentials plus Mobile licenses. There is both a perpetual and term-based option.
The licensing per unique user is a terms and conditions / EULA sort of thing and not enforced by technical means at this time.
06-15-2015 12:13 PM
The new AnyConnect Apex maps to the old Premium licenses. They are now term-based (1, 3 5 year) and are licensed per unique user (no matter how many devices) vs. concurrent users on the old scheme.
Apex (or the old Premium) is required for clientless SSL VPN. Regular AnyConnect client-based SSL VPN does not require Apex but can be done using only Plus licenses.
The new AnyConnect Plus maps to the old Essentials plus Mobile licenses. There is both a perpetual and term-based option.
The licensing per unique user is a terms and conditions / EULA sort of thing and not enforced by technical means at this time.
06-15-2015 07:24 PM
Thank you for replying my question. Just have 1 question, do i apply the anyconnect plus license the same way i apply the anyconnect essential license to the ASA?
06-15-2015 08:53 PM
You're welcome.
Yes - using the "activation-key" command still applies.
Keys are no longer bound to a particular ASA serial number.
06-17-2015 01:32 PM
Marvin, you mention that the new license structure is per user vs the old way concurrent user. Does the ASA keep a database of users of who is who?
06-17-2015 01:53 PM
The ASA does of course know who is currently logged on. But it doesn't keep track of who was logged on previously (beyond whatever syslog messages may have been generated, depending on your local settings).
So, for now, it's sort of an honor system. That's what I was implying by "not enforced by technical means at this time". That may change in the future.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide