Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2502
Views
5
Helpful
8
Replies

ASA License Security Plus but only 2 Connections

gaigl
Level 3
Level 3

‎07-22-2015 04:05 AM

Hello,

 

we've a got an ASA5510 active/standby cluster with a Security Plus license for 50 Anyconnect Premium Peers, but after 2 active connections, I've got a "login failed" with the message on the ASA: "Session could not be established: session limit of 2 reached."

 

with a "sh activation-key detail" I get (only parts):

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 50             perpetual

 

 

This platform has an ASA 5510 Security Plus license.

...

AnyConnect Premium Peers          : 52             perpetual

...

This platform has an ASA 5510 Security Plus license.

...

The flash permanent activation key is the SAME as the running permanent key.

 

Any ideas, how to solve?

 

thanks

 

Karl

Labels:
0 Helpful
8 Replies 8

gaigl
Level 3
Level 3

‎07-22-2015 05:40 AM

Update:

Now I updated the ASA's from 9.0.4 to 9.1(6)6 but them same problem.

Karl

0 Helpful

jan.nielsen
Level 7
Level 7
In response to gaigl

‎07-22-2015 05:48 AM

does a show ver include this as well :

 

AnyConnect Essentials          : Enabled

0 Helpful

gaigl
Level 3
Level 3
In response to jan.nielsen

‎07-22-2015 05:51 AM

Hi jan,

 

no, it's disabled.

do Ineed this also? Do I need another License?

 

thanks

 

Karl

0 Helpful

jan.nielsen
Level 7
Level 7
In response to gaigl

‎07-22-2015 06:05 AM

Thats fine, you don't need essentials, it was just to check that it wasn't enabled, because then you premium licenses wouldn't be in use. I seem to recall that there is somewhere that you select if you wan't to use essentials or premium license, but i can't remember it right now, let me check and i will get back to you later.

0 Helpful

jan.nielsen
Level 7
Level 7
In response to jan.nielsen

‎07-22-2015 06:07 AM

Maybe try this :

 

By default, the ASA uses the AnyConnect Essentials license, but you can disable it to use other licenses by using the no anyconnect-essentials command or in ASDM, using the Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Essentials pane.

0 Helpful

gaigl
Level 3
Level 3
In response to jan.nielsen

‎07-22-2015 06:16 AM

in CLI: "/act/pri(config-webvpn)# no anyconnect-essentials
ERROR: Command requires AnyConnect Essentials license

 

 

in ASDM there is no AnyConnect Essentials Pane

0 Helpful

gaigl
Level 3
Level 3
In response to gaigl

‎07-23-2015 04:04 AM

Now I've got it:

Under "Remote Access VPN -> Advanced" there's an item: Maximum VPN Sessions, I have to put in the 50 or more sessions.

 

blame on me!

 

Karl

 

edit:

in CLI: vpn-sessiondb max-anyconnect-premium-or-essentials-limit 52

Douglas Holmes
Level 1
Level 1
In response to jan.nielsen

‎07-22-2015 06:21 AM

With advanced encryption on the ASA5510 you get two premium licenses.  But your license is for 52.  This is for IPSEC with AnyConnect.  Essentials is for SSL VPN.  If you want to use the premium license with AnyConnect you have to disable as indicated above the essentials licenses.  So far I just repeated everyone else.

Do both ASA devices have the same license?  And do you have this in your config:

webvpn
 no anyconnect-essentials

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents