Solved: ASA 5510 Security Plus Licence and Anyconnect

Afrederick123 · ‎12-11-2016

Hi There,

I currently have 2 x 5510 ASA's in my lab that I want to use for studying the CCNP Security they both have the base licence only, I'm in the process of buying 2 x L-ASA5510-SEC-PL in order to be able to do failover and clustering but I want to be able to practice configuring anyconnect remote access vpn's on the system too. Finding documentation that clearly states what these lics allow is nearly impossible. Can somebody please tell me if the lics I'm buying will give me the anyconnect feature or do I have to buy separate lics for that too? Also whether there are two anyconnect sessions allowed with the base lics and if so how does it work? I mean do I just go ahead and configure anyconnect and it will only allow two sessions? Can I have two anyconnect sessions and also other ipsec L2L vpns. It's all so confusing any (accurate) info will be much appreciated.

JP Miranda Z · ‎12-11-2016

Hi Afrederick123,

The SEC PLUS license is going to give you the following features:

Cisco ASA 5510 Security Plus bundle

Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Standby high availability, 3DES/AES license, and 1 expansion slot

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/prod_brochure0900aecd80402e36.html

So after having that clear let me help you with your questions:

Can somebody please tell me if the lics I'm buying will give me the AnyConnect feature or do I have to buy separate lics for that too?

-Yes for AnyConnect the license will be different (Apex or Plus)

Also whether there are two anyconnect sessions allowed with the base lics and if so how does it work?

-You can only have 2 clients connected simultaneously.

I mean do I just go ahead and configure anyconnect and it will only allow two sessions?

-Correct

Can I have two anyconnect sessions and also other ipsec L2L vpns?

-Yes, you can have up to 250 VPN L2L tunnel or Remote Access with IPSEC (not AnyConnect), and 2 simultaneous clients using AnyConnect.

Hope this info helps!!

Rate if helps you!!

-JP-

View solution in original post

JP Miranda Z · ‎12-11-2016

Hi Afrederick123,

The SEC PLUS license is going to give you the following features:

Cisco ASA 5510 Security Plus bundle

Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Standby high availability, 3DES/AES license, and 1 expansion slot

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/prod_brochure0900aecd80402e36.html

So after having that clear let me help you with your questions:

Can somebody please tell me if the lics I'm buying will give me the AnyConnect feature or do I have to buy separate lics for that too?

-Yes for AnyConnect the license will be different (Apex or Plus)

Also whether there are two anyconnect sessions allowed with the base lics and if so how does it work?

-You can only have 2 clients connected simultaneously.

I mean do I just go ahead and configure anyconnect and it will only allow two sessions?

-Correct

Can I have two anyconnect sessions and also other ipsec L2L vpns?

-Yes, you can have up to 250 VPN L2L tunnel or Remote Access with IPSEC (not AnyConnect), and 2 simultaneous clients using AnyConnect.

Hope this info helps!!

Rate if helps you!!

-JP-

Marvin Rhoads · ‎12-11-2016

All ASAs, no matter what license type, include the 2 AnyConnect Premium (old term, now known as Apex) licenses. They also include support for IPsec L2L VPNs with the base license.

With the two Premium license you can indeed just go ahead and configure the remote access SSL VPN. You can do either AnyConnect client-based or clientless (browser-based).

Afrederick123 · ‎12-15-2016

Hey Guys,

Thanks a lot for your quick and insightful answers. I'm happy to know that I won't have to fork out more money onlicenses that will be barely used. It costs so much building labs to gain certifications, it would be nice if Cisco would provision some kind of study licence that could be installed on whatever platforms we may require. (Just a thought)