Solved: Re: ASA 5520 Ipsec VPN client License

AQUALUNGAMERICA · ‎03-13-2020

I have the following licenses. We are in the process of going to a firepower but till then we are trying to see how many users we can accommodate to use our legacy IpSec VPN clients on our Cisco ASA 5520. Is the 750 total peers include concurrent ipsec vpn client licenses. I have 10 site to site IKev1 vpn tunnels. Based on what I've read, does this mean I have the ability to use 740 concurrent Ipsec VPN clients. We have not had time to move over to our SSL from too many projects.

Thank you Carlos

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual

This platform has an ASA 5520 VPN Plus license.

Marvin Rhoads · ‎03-13-2020

Yes you could technically have 10 site-site IPsec VPNs plus 740 remote access IPsec clients = 750 total.

However the legacy IPsec VPN client is way past end of life (as is your ASA 5520). It wont work on Windows 10 PCs and is even difficult to get it to work on Windows 8.

View solution in original post

Marvin Rhoads · ‎03-13-2020

Yes you could technically have 10 site-site IPsec VPNs plus 740 remote access IPsec clients = 750 total.

However the legacy IPsec VPN client is way past end of life (as is your ASA 5520). It wont work on Windows 10 PCs and is even difficult to get it to work on Windows 8.

AQUALUNGAMERICA · ‎03-16-2020

Hello Marvin,

Thank you for the reply. We have it working properly on Windows 7 and Windows 10. We do not use Windows 8. What the issue is the DNE driver for the VPN. We install SonicWall VPN to install the DNE driver. We then install the last version of the Cisco VPN Ipsec client. Make one registry change for the Cisco Client and then uninstall the SonicWall VPN while maintaining the DNE driver installed. Works like a charm on both OS.

Thank you

Carlos

GAC · ‎03-20-2020

Carlos,

Would you mind sharing what registry change?

thanks

AQUALUNGAMERICA · ‎12-27-2020

How to get Cisco VPN IPsec Client to install on Windows 10 Pro:

1) Download SonicWall 64 Bit VPN Client

2) Download Cisco IPSec VPN Client (Version 5.0.07.0440)

3) Install SonicWall VPN Client do not configure. This is just so you can have the DNE Driver

4) Install Cisco IPSec VPN Client with Configuration file

5) Reboot computer

6) Go to Regedit:

7) Navigate to Registry Key: HKLM\System\CurrentControlSet\Services\CVirta

Look for key that says: "@oem8.ifn,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows"

9) Delete everything except Cisco Systems VPN Adapter for 64-bit Windows

10) Reboot computer.

11) Note: Windows 10 updates will have you reinstall the Cisco VPN Adapter. The security features disables the VPN Client. This is one of the downfalls of the Windows 10 Pro system.

Karsten Iwen · ‎03-14-2020

As Marvin said, the IPsec client is EOL. But you can buy an AnyConnect subscription for remote-access VPN that you can use with your old firewall while the migration is in place and also with the new firewall without any additional cost. Moving to AnyCOnnect VPN is probably less hassle than to get the old client running on newer PC.