11-05-2015 09:34 AM - edited 02-21-2020 08:32 PM
Greetings all,
So we currently have an ASA 5515-X Failover pair running at one of our sites. This serves as a VPN gateway for our users. I am in the process of migrating users from the old Cisco VPN client to the newer Cisco Anyconnect client. I have anyconnect setup and working. I discovered during this process that in order to support TLS 1.1 and up using the Anyconnect client, you would need to use the newer Anyconnect 4.0 client. In order to use this client, you need to have something called an 'Anyconnect Plus' license which I think was a recent change back in 2014. We currently have the Anyconnect Essentials license installed on the ASA pair. I found out that not only is there an upgrade license available to upgrade to Anyconnect Plus, but the Anyconnect Plus license is subscription based now. Boo Cisco. But thats another discussion.
I went ahead and reluctantly purchased the upgrade license to upgrade to Anyconnect Plus. I am trying to understand however the affects of installing this license in terms of the current VPN functionality. We currently offer the following VPN options for our users:
RA IPSEC (IKE v1via old client)
RA IPSEC (L2TP via Windows client)
SSL (Anyconnect 3.0)
We also use a P2P IPSEC tunnel (IKEv1 PSK) between two sites to serve as a backup link when our primary site to site link fails.
So would anyone know what the affect on current VPN functionality would be when installing my upgrade license? Does it disable older IPSEC IKEv1 functionality? As I said I would like to migrate users to the newer platform but need the older client to still work until that can be done. I have this in my configuration currently:
webvpn
anyconnect-essentials
What happens to that command when I apply the new license?
Appreciate any help here. Thanks.
Solved! Go to Solution.
11-05-2015 09:41 PM
Adding the new activation key and provisioning the 4.x client will not in any way affect the IKEv1, L2TP or SSL VPN. 'AnyConnect-essentials' remains an active and valid command
It will give the ability as you need to activate the advanced security features that require the 4.x client.
11-05-2015 09:41 PM
Adding the new activation key and provisioning the 4.x client will not in any way affect the IKEv1, L2TP or SSL VPN. 'AnyConnect-essentials' remains an active and valid command
It will give the ability as you need to activate the advanced security features that require the 4.x client.
11-06-2015 08:33 AM
Excellent. Thanks so much for the reply here Marvin. Appreciate the help.
11-10-2015 07:55 AM
What happens when you try to connect a client w/ AnyConnect 4.x to an ASA that only has hte legacy AnyConnect premium licenses for 3.x?
11-11-2015 03:44 AM
It works just fine. The only limitation is that 4.x-specific remote access VPN features cannot be configured on the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide