Solved: Re: ASA 5505 SSL VPN license upgrade

janakackv · ‎11-24-2013

Hi all.

Our ASA 5505 with BASE license by default allowing only 10 concurrent vpn sessions (including 2 Anyconnect+IPsec). attached TXT file with license information. this firewal is use only for vpn access, and we have IPSec L2L vpn tunnel, anyconnect, client less SSL vpn and IPSec client access vpn configurations up and running,

we are in plan to upgrade vpn license to archive 10 IPSec and 10 Anyconnect and 1 anyconect mobile VPN sessions at time. so my questions are;

1. can I buy "ASA5500-SSL-10=" license and upgrade our ASA 5505 without buying "L-ASA5505-SEC-PL=" security pus license.

2. Does asa Support to upgrade only SSL Anyconnect vpn license while keeping 10 IPSec vpn comes with base license.

Thanks & waiting you value comments on this

Thanks

JCK

Marvin Rhoads · ‎11-25-2013

1. Yes.

2.Yes.

If you want to keep Clientless SSL VPN you do need to continue with adding the ASA5500-SSL-10= part. If you can do without clientless (including coverting the existing two), you can more inexpensively opt for the Security Plus and AnyConnect Essentials licenses. (US$800 vs. $1250 list price).

In either case, Mobile requires the AnyConnect Mobile license (ASA-AC-M-5505).

View solution in original post

Marvin Rhoads · ‎11-25-2013

1. Yes.

2.Yes.

If you want to keep Clientless SSL VPN you do need to continue with adding the ASA5500-SSL-10= part. If you can do without clientless (including coverting the existing two), you can more inexpensively opt for the Security Plus and AnyConnect Essentials licenses. (US$800 vs. $1250 list price).

In either case, Mobile requires the AnyConnect Mobile license (ASA-AC-M-5505).

janakackv · ‎11-25-2013

Thank you for the answer,

one last ques; just before finalizing the purchase!,

Current ASA is only for 10 inside hosts. so adding ASA5500-SSL-10 (10 anyconnect) OVER base license (8 IPSec +2 SSL) will increase number of inside hosts!. does't this support by base license?

with L-ASA 55505-SEC-PL= (security plus license) how many IPSec sessions will I get?

or according to you it will be better to buy Security Plus license and 10 anyconnect Essentials license? (without clientliss) as my ultimate requirement to have 10+10 IPSec and anyconnect Sessions max at a time.

Thanks

JCK

Marvin Rhoads · ‎11-25-2013

Remote access VPN clients should not count as inside hosts. I didn't have a 5505 to verify this but you should be able to see for yourself by issuing the command "show local-host" on your unit (while remote access VPN sessions are active) and validating the output shows that.

Security Plus, when combined with AnyConnect Essentials, will give you up to 25 concurrent IPsec remote access users.

AnyConnect Essentials is not in itself licensed in numbers - the Essentials feature is either on or off. It cannot coexist with AnyConnect Premium (which includes the clientless SSL). AnyConnect Premium is the one that comes in packs (2 users included with base product, can be upgraded to 10 or 25 users for the 5505).

janakackv · ‎11-26-2013

Dear Marvin, Thanks for the Advice. Appreciate it.

JCK