Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1299
Views
0
Helpful
3
Replies

Cisco Anyconnect License

Go to solution
abimadaro4462
Level 1
Level 1

‎02-18-2021 02:16 AM

Hello,

We are planning to order Cisco ASA to be used as VPN firewall, what is the best option of the AnyConnect license? noting that only VPN is required.

Should we go with VPN Only license? in our case we will have cluster of two firewalls, so 2 licenses will be required.

or should we go with another option that might be much more flexible as AnyConnect plus license ?

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-20-2021 06:21 AM

Correct - VPN Only can only be installed on a given firewall. However as long as one member of an HA pair has it, the HA pair will provide remote access VPN. If The member with the license is removed altogether, the remaining unit will continue to operate with the license for 30 days. If it was due to an RMA, Cisco will allow rehosting of the license to the replacement appliance.

For all other license type (Plus and Apex), the license can be installed on multiple firewalls (even at different locations) as long as the total of unique users does not exceed the number of licenses.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-18-2021 02:42 AM

Cisco AnyConnect licenses are shared between your HA- Pair. You do not require to buy licenses for the standby unit.

 

what License you need based on the business requirement  and compliance you like to implement :

 

some FAQ :

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
abimadaro4462
Level 1
Level 1
In response to balaji.bandi

‎02-18-2021 02:49 AM

Thanks for your reply, based on the link you've just shared, please note the below

"The VPN-only are applied per individual ASA and there is no sharing of licenses between ASAs, unlike AnyConnect Plus and Apex, which provide this capability. For active/standby pairs, only the primary headend is required to have a VPN Only license"

which means, I still need two license files in case of VPN Only license, correct ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-20-2021 06:21 AM

Correct - VPN Only can only be installed on a given firewall. However as long as one member of an HA pair has it, the HA pair will provide remote access VPN. If The member with the license is removed altogether, the remaining unit will continue to operate with the license for 30 days. If it was due to an RMA, Cisco will allow rehosting of the license to the replacement appliance.

For all other license type (Plus and Apex), the license can be installed on multiple firewalls (even at different locations) as long as the total of unique users does not exceed the number of licenses.

0 Helpful
Customers Also Viewed These Support Documents