cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ASA AnyConnect license limit

I recently purchased a Cisco AnyConnect license for ASA5510 with the below details:

 

L-AC-PLS-LIC=   Cisco AnyConnect Plus Term License,  Total Authorized Users 25

 

When i check the license information on ASA, it shows that it has 250 total SSL VPN peers like in the output below:

 

ASA-OUTSIDE# sh vpn-sessiondb summary

Active Session Summary

Sessions:
Active : Cumulative : Peak Concurrent : Inactive
SSL VPN : 0 : 487 : 7
Clientless only : 0 : 22 : 4
With client : 0 : 465 : 7 : 0
IPsec LAN-to-LAN : 1 : 201 : 1
Totals : 1 : 688

License Information:IPsec : 250 Configured : 250 Active : 1 Load : 0%
SSL VPN : 250 Configured : 250 Active : 0 Load : 0%
Active : Cumulative : Peak Concurrent
IPsec : 1 : 201 : 1
SSL VPN : 0 : 487 : 7
Totals : 1 : 688

 

Does this mean i can still have more than 25 Anyconnect users connected at the same time?

 

Regards.

6 REPLIES 6

balaji.bandi
VIP Guru VIP Guru
VIP Guru

what ASA model :

 

can you post complete output screenshot :

 

# show vpn-sessiondb detail

# show version

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ASA-OUTSIDE# sh vpn-sessiondb detail

Active Session Summary

Sessions:
Active : Cumulative : Peak Concurrent : Inactive
SSL VPN : 1 : 488 : 7
Clientless only : 0 : 22 : 4
With client : 1 : 466 : 7 : 0
Email Proxy : 0 : 0 : 0
IPsec LAN-to-LAN : 1 : 201 : 1
IPsec Remote Access : 0 : 0 : 0
Totals : 2 : 689

License Information:
IPsec : 250 Configured : 250 Active : 1 Load : 0%
SSL VPN : 250 Configured : 250 Active : 1 Load : 0%
Active : Cumulative : Peak Concurrent
IPsec : 1 : 201 : 1
SSL VPN : 1 : 488 : 7
AnyConnect Mobile : 64 : 64 : 64
Linksys Phone : 0 : 0 : 0
Totals : 2 : 689

Tunnels:
Active : Cumulative : Peak Concurrent
IKE : 1 : 201 : 1
IPsecOverNatT : 1 : 195 : 1
Clientless : 1 : 488 : 7
SSL-Tunnel : 1 : 896 : 6
DTLS-Tunnel : 1 : 896 : 6
Totals : 5 : 2676

Active NAC Sessions:
No NAC sessions to display

Active VLAN Mapping Sessions:
No VLAN Mapping sessions to display

 

 

ASA-OUTSIDE# show version

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

NBS-ASA-OUTSIDE up 44 days 20 hours

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is c84c.7578.0df4, irq 9
1: Ext: Ethernet0/1 : address is c84c.7578.0df5, irq 9
2: Ext: Ethernet0/2 : address is c84c.7578.0df6, irq 9
3: Ext: Ethernet0/3 : address is c84c.7578.0df7, irq 9
4: Ext: Management0/0 : address is c84c.7578.0df8, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 250
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Enabled
AnyConnect for Linksys phone : Enabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Enabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled

This platform has a Base license.

Serial Number: JMX1439L19W
Running Activation Key: 0x661cc966 0x842d2566 0x48d1e144 0x88a884c8 0xc13d1e94
Configuration register is 0x1

there are two any connect count
one the ASA up limit of any connect can connect any time and this for your case ASA5510 is 250 
other is what your license give you, 
for the license try 


UPDATE I FOUND THE COMMAND GIVE YOU FULL INFO OF LICENSE

ASA(config)# sh vpn-sessiondb license-summary

Aref Alsouqi
Rising star
Rising star

Although the ASA would show that amount of available licenses, you should still use the amount of licenses you purchase. In your case you purchased 25 plus licenses, and that should be the maximum amount of users that would need to be connected concurrently to the firewall at any given time. You would see similar behaviour on the FTDs where the show command would show you something different than what you purchased.

Thanks Aref.

Rob Ingram
VIP Expert VIP Expert
VIP Expert

@vitumbiko nkhwazi Complying with the unique/authorized user counts and term limits are honor system and are not physically enforced by the ASA or AnyConnect. https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html

 

You are only licensed for 25 AnyConnect connections, but the ASA 5510 supports up to 250 maximum VPN connections. 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: