02-18-2021 02:16 AM
Hello,
We are planning to order Cisco ASA to be used as VPN firewall, what is the best option of the AnyConnect license? noting that only VPN is required.
Should we go with VPN Only license? in our case we will have cluster of two firewalls, so 2 licenses will be required.
or should we go with another option that might be much more flexible as AnyConnect plus license ?
Thanks!
Solved! Go to Solution.
02-20-2021 06:21 AM
Correct - VPN Only can only be installed on a given firewall. However as long as one member of an HA pair has it, the HA pair will provide remote access VPN. If The member with the license is removed altogether, the remaining unit will continue to operate with the license for 30 days. If it was due to an RMA, Cisco will allow rehosting of the license to the replacement appliance.
For all other license type (Plus and Apex), the license can be installed on multiple firewalls (even at different locations) as long as the total of unique users does not exceed the number of licenses.
02-18-2021 02:42 AM
Cisco AnyConnect licenses are shared between your HA- Pair. You do not require to buy licenses for the standby unit.
what License you need based on the business requirement and compliance you like to implement :
some FAQ :
02-18-2021 02:49 AM
Thanks for your reply, based on the link you've just shared, please note the below
"The VPN-only are applied per individual ASA and there is no sharing of licenses between ASAs, unlike AnyConnect Plus and Apex, which provide this capability. For active/standby pairs, only the primary headend is required to have a VPN Only license"
which means, I still need two license files in case of VPN Only license, correct ?
02-20-2021 06:21 AM
Correct - VPN Only can only be installed on a given firewall. However as long as one member of an HA pair has it, the HA pair will provide remote access VPN. If The member with the license is removed altogether, the remaining unit will continue to operate with the license for 30 days. If it was due to an RMA, Cisco will allow rehosting of the license to the replacement appliance.
For all other license type (Plus and Apex), the license can be installed on multiple firewalls (even at different locations) as long as the total of unique users does not exceed the number of licenses.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide