cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
944
Views
0
Helpful
4
Replies

Cisco Anyconnect License Upgrade Questions

rfranzke
Level 1
Level 1

Greetings all,

So we currently have an ASA 5515-X Failover pair running at one of our sites. This serves as a VPN gateway for our users. I am in the process of migrating users from the old Cisco VPN client to the newer Cisco Anyconnect client. I have anyconnect setup and working. I discovered during this process that in order to support TLS 1.1 and up using the Anyconnect client, you would need to use the newer Anyconnect 4.0 client. In order to use this client, you need to have something called an 'Anyconnect Plus' license which I think was a recent change back in 2014. We currently have the Anyconnect Essentials license installed on the ASA pair. I found out that not only is there an upgrade license available to upgrade to Anyconnect Plus, but the Anyconnect Plus license is subscription based now. Boo Cisco. But thats another discussion.

I went ahead and reluctantly purchased the upgrade license to upgrade to Anyconnect Plus. I am trying to understand however the affects of installing this license in terms of the current VPN functionality. We currently offer the following VPN options for our users:

RA IPSEC (IKE v1via old client)

RA IPSEC (L2TP via Windows client)

SSL (Anyconnect 3.0)

We also use a P2P IPSEC tunnel (IKEv1 PSK) between two sites to serve as a backup link when our primary site to site link fails.

So would anyone know what the affect on current VPN functionality would be when installing my upgrade license? Does it disable older IPSEC IKEv1 functionality? As I said I would like to migrate users to the newer platform but need the older client to still work until that can be done. I have this in my configuration currently:

webvpn

    anyconnect-essentials

What happens to that command when I apply the new license?

Appreciate any help here. Thanks.

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Adding the new activation key and provisioning the 4.x client will not in any way affect the IKEv1, L2TP or SSL VPN. 'AnyConnect-essentials' remains an active and valid command  

It will give the ability as you need to activate the advanced security features that require the 4.x client. 

View solution in original post

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

Adding the new activation key and provisioning the 4.x client will not in any way affect the IKEv1, L2TP or SSL VPN. 'AnyConnect-essentials' remains an active and valid command  

It will give the ability as you need to activate the advanced security features that require the 4.x client. 

Excellent. Thanks so much for the reply here Marvin. Appreciate the help.

What happens when you try to connect a client w/ AnyConnect 4.x to an ASA that only has hte legacy AnyConnect premium licenses for 3.x?

It works just fine. The only limitation is that 4.x-specific remote access VPN features cannot be configured on the ASA. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: