02-22-2013 04:50 AM - edited 02-21-2020 06:43 PM
Hi, hoping anyone can shed some light on this I am just getting more confused the more I try to work it out. Not sure if this goes in the IP Telehpony section or here..
We have an ASA 5510 with the base license. We are needing to install IP Phones at remote workers homes, and I understand there are Cisco IP phones which have VPN clients built in to allow a tunnel to the central private network. IT appears that you can only use Anyconnect VPN for this, ans I am trying to work out what licencing upgrade we need to apply to the ASA, as the two Anyconnect licenses you get free on the ASA is not enough.
This is the phone we are looking to get;
What I want to know is will the Anyconnect Essentials license work with these IP phones?
When I do a show version,
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
It shows "AnyConnect for Linksys phone : Disabled", is this the same for Cisco IP Phones? Is this the specific licensing type I should be looking to get for Anyconnect on IP phones or will Essentials do?
Solved! Go to Solution.
02-25-2013 08:19 AM
Hi Leo,
you will need 2 licenses: an Anyconnect Premium license as well as an "Anyconnect for Cisco VPN Phone" license.
In ASA 8.2 and earlier the "for Cisco VPN Phone" license was named "for Linksys phone" so that is the same.
cfr. http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1487574
hth
Herbert
02-25-2013 08:19 AM
Hi Leo,
you will need 2 licenses: an Anyconnect Premium license as well as an "Anyconnect for Cisco VPN Phone" license.
In ASA 8.2 and earlier the "for Cisco VPN Phone" license was named "for Linksys phone" so that is the same.
cfr. http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1487574
hth
Herbert
02-25-2013 08:21 AM
02-26-2013 01:37 AM
Hi Herbert,
Thanks! Currently I have users conecting to IPSec remote access VPN, which there are 250 seats available for. If I were to install L-ASA-SSL-10. which would give me 10 premium anyconnect licenses, would this have any effect on the seats I have available for IPSec VPN ? Will the users connecting via that still be able to or would they have to use the premium licensing? What Im saying is can you have normal IPsec VPN users/seats running at the same time as anyconnect premium users/seats? Or would I have 240 IPSec seats avaiable and 10 anyconnect premium?
02-26-2013 04:23 AM
Hi Leo,
technically, the ipsec users will not use up any premium license seats, so if you have 10 ipsec users connecting first, the premium seats are still free and so you can then still have 10 phones/anyconnect users connect.
However, the 250 you mention is the global platform limit, so it refers to the sum of premium and non-premium connections. Or in other words, you can have 240 ipsec users and 10 phones, but not 250 ipsec users and 10 phones.
If 250 ipsec users and 10 phones would try to connect, it would be first-in, first-served, e.g. you could have 248 ipsec users and 2 phones connected.
Note: since you have Essentials disabled I'm assuming you are referring to the legacy "Cisco vpnclient" (IKEv1 client) which does not require any license on the ASA. But for the benefit of others reading this thread: if you do have Anyconnect clients (using SSL or IPsec/IKEv2) for which you currently have an Essentials license, then note that the Essentials and Premium license cannot co-exist. So for e.g. 240 Anyconnect users and no phones, you can use Essentials. For 240 Anyconnect users and 10 phones, you need a 250-seat Premium license (and a vpn phone license).
hth
Herbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide