07-05-2022 03:45 AM
I recently purchased a Cisco AnyConnect license for ASA5510 with the below details:
L-AC-PLS-LIC= Cisco AnyConnect Plus Term License, Total Authorized Users 25
When I check the license information on the ASA, it shows that it has 250 total SSL VPN peers, as in the output below:
ASA-OUTSIDE# sh vpn-sessiondb summary
Active Session Summary
Sessions:
Active : Cumulative : Peak Concurrent : Inactive
SSL VPN : 0 : 487 : 7
Clientless only : 0 : 22 : 4
With client : 0 : 465 : 7 : 0
IPsec LAN-to-LAN : 1 : 201 : 1
Totals : 1 : 688
License Information:
IPsec : 250 Configured : 250 Active : 1 Load : 0%
SSL VPN : 250 Configured : 250 Active : 0 Load : 0%
Active : Cumulative : Peak Concurrent
IPsec : 1 : 201 : 1
SSL VPN : 0 : 487 : 7
Totals : 1 : 688
Does this mean I can still have more than 25 AnyConnect users connected at the same time?
Regards.
07-05-2022 03:57 AM - edited 07-05-2022 04:00 AM
What ASA model?
Can you post a complete output screenshot of:
# show vpn-sessiondb detail
# show version
07-05-2022 04:41 AM
ASA-OUTSIDE# sh vpn-sessiondb detail
Active Session Summary
Sessions:
Active : Cumulative : Peak Concurrent : Inactive
SSL VPN : 1 : 488 : 7
Clientless only : 0 : 22 : 4
With client : 1 : 466 : 7 : 0
Email Proxy : 0 : 0 : 0
IPsec LAN-to-LAN : 1 : 201 : 1
IPsec Remote Access : 0 : 0 : 0
Totals : 2 : 689
License Information:
IPsec : 250 Configured : 250 Active : 1 Load : 0%
SSL VPN : 250 Configured : 250 Active : 1 Load : 0%
Active : Cumulative : Peak Concurrent
IPsec : 1 : 201 : 1
SSL VPN : 1 : 488 : 7
AnyConnect Mobile : 64 : 64 : 64
Linksys Phone : 0 : 0 : 0
Totals : 2 : 689
Tunnels:
Active : Cumulative : Peak Concurrent
IKE : 1 : 201 : 1
IPsecOverNatT : 1 : 195 : 1
Clientless : 1 : 488 : 7
SSL-Tunnel : 1 : 896 : 6
DTLS-Tunnel : 1 : 896 : 6
Totals : 5 : 2676
Active NAC Sessions:
No NAC sessions to display
Active VLAN Mapping Sessions:
No VLAN Mapping sessions to display
ASA-OUTSIDE# show version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
NBS-ASA-OUTSIDE up 44 days 20 hours
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is c84c.7578.0df4, irq 9
1: Ext: Ethernet0/1 : address is c84c.7578.0df5, irq 9
2: Ext: Ethernet0/2 : address is c84c.7578.0df6, irq 9
3: Ext: Ethernet0/3 : address is c84c.7578.0df7, irq 9
4: Ext: Management0/0 : address is c84c.7578.0df8, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 250
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Enabled
AnyConnect for Linksys phone : Enabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Enabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
Serial Number: JMX1439L19W
Running Activation Key: 0x661cc966 0x842d2566 0x48d1e144 0x88a884c8 0xc13d1e94
Configuration register is 0x1
07-05-2022 08:35 AM - edited 07-08-2022 07:53 AM
There are two AnyConnect counts.
One is the ASA's upper limit on AnyConnect sessions that can connect at any time, which in your case (ASA5510) is 250.
The other is what your license gives you.
For the license, try:
UPDATE: I found the command that gives you full info on the license:
ASA(config)# sh vpn-sessiondb license-summary
07-05-2022 04:03 AM
Although the ASA would show that amount of available licenses, you should still use the amount of licenses you purchase. In your case you purchased 25 plus licenses, and that should be the maximum amount of users that would need to be connected concurrently to the firewall at any given time. You would see similar behaviour on the FTDs where the show command would show you something different than what you purchased.
07-05-2022 04:42 AM
Thanks Aref.
07-05-2022 04:06 AM - edited 07-05-2022 04:06 AM
@vitumbiko nkhwazi Complying with the unique/authorized user counts and term limits is on the honor system and is not physically enforced by the ASA or AnyConnect. https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html
You are only licensed for 25 AnyConnect connections, but the ASA 5510 supports up to 250 maximum VPN connections.
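Added example, not part of any post in the thread: since the replies say the ASA reports the platform limit (250) and does not enforce the purchased quantity (25), the comparison has to be made outside the device, for instance by parsing saved "show vpn-sessiondb summary" output. The sample output and its counters are constructed, the function names are hypothetical, and treating concurrent SSL VPN sessions as a proxy for the license's authorized-user count is an assumption.

```python
import re

PURCHASED_USERS = 25  # quantity on the L-AC-PLS-LIC= order quoted in the thread

# Constructed sample in the thread's flattened layout; counters are made up.
SAMPLE = """\
Sessions:
Active : Cumulative : Peak Concurrent : Inactive
SSL VPN : 12 : 530 : 31
With client : 12 : 508 : 31 : 0
License Information:
IPsec : 250 Configured : 250 Active : 1 Load : 0%
SSL VPN : 250 Configured : 250 Active : 12 Load : 5%
"""


def parse_ssl_vpn(text):
    """Extract SSL VPN session counters and the platform limit."""
    stats = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(":")]
        if parts[0] != "SSL VPN" or len(parts) < 2:
            continue
        limit = re.match(r"(\d+)\s+Configured$", parts[1])
        if limit:
            stats["platform_limit"] = int(limit.group(1))
        elif len(parts) >= 4 and all(p.isdigit() for p in parts[1:4]):
            # The row is printed twice in the full output; keep the first.
            for key, value in zip(("active", "cumulative", "peak"), parts[1:4]):
                stats.setdefault(key, int(value))
    return stats


def license_findings(text, purchased=PURCHASED_USERS):
    """Return warnings where session counts exceed the purchased quantity."""
    s = parse_ssl_vpn(text)
    missing = {"active", "peak", "platform_limit"} - s.keys()
    if missing:
        raise ValueError(f"could not parse: {sorted(missing)}")
    return [
        f"{key} SSL VPN sessions {s[key]} exceed purchased {purchased} "
        f"(platform allows {s['platform_limit']})"
        for key in ("active", "peak") if s[key] > purchased
    ]


if __name__ == "__main__":
    for finding in license_findings(SAMPLE):
        print("WARNING:", finding)
```

With the counters posted in the thread (1 active, peak of 7) the function returns no findings; the constructed sample trips only the peak check.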