Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3726
Views
0
Helpful
10
Replies

Cisco Anyconnect/WebVPN License for ASA 5510

Go to solution
lili Vachon
Level 1
Level 1

‎12-03-2014 10:02 PM - edited ‎02-21-2020 07:57 PM

Hello,

 

Could any one please check the licensing attachment for ASA 5510 and let me know. Currently we have ASA 5510 with base license. According to the attached table under VPN sessions it mentions that " 250 combined IPSec and WebVPN SESSIONS" and at "Max. WebVPN Session" box it is mentioned only 2 session, exceeding that we have to purchase optional webvpn license. So as we have 250 combined license for IPSec and webVPN. Do we have to purchase additional anyconnect license in order to configure remote access for the users who want use internal resources from outside the network. Orelse we don't have to purchase license and can configure webvpn/anyconnect users from existing combined license existing ASA base license? Waiting for your response. Thank you.

 

 

Labels:
Preview file
115 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lili Vachon

‎12-05-2014 06:00 AM

You're welcome.

1. Yes

2. AnyConnect does not require Java but it can optionally use it when connecting to the an AnyConnect client-based SSL VPN and launching via the Java web start browser option. There were some bug with older AnyConnect versions bu the latest ones should have addresses that. You also have the option of launching via IE and using the ActiveX method or simply launching AnyConnect directly - neither of those two methods require Java.

Here is a TAC document on the Java issues if you want more detail.

 

Please take a moment to rate helpful posts and mark your questions as answered.

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-04-2014 07:00 AM

The attached graphic uses the old "WebVPN" name. That is what is currently known as AnyConnect Premium and used primarily for clientless SSL VPN (i.e remote access VPN via your browser into a web portal). It is licensed per user in the increments shown in the graphic (with 2 users included in the base license - primarily for evaluation use).

A Basic SSL VPN using the AnyConnect client is licensed via the purchase and activation of an AnyConnect Essentials license. That will enable remote access VPN using the AnyConnect client software. It is licensed for the platform and on a 5510 will support up to 250 simultaneous users.

0 Helpful

Go to solution
lili Vachon
Level 1
Level 1
In response to Marvin Rhoads

‎12-04-2014 08:50 AM

Hello Marvin,

 

Thank you for the reply. We have 5510 and it came with base license. I want to use anyconnect to connect Internal hosts and access windows RDC. So will base license will be enough till 250 combined sessions. Orelse I have to purchase anyconnect permium or Anyconnect essential license. We have 60+ users who want to access our Internal resources while they are outside the network using anyconnect. 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lili Vachon

‎12-04-2014 11:36 AM

No.

The base license will not support 250 AnyConnect clients - only 2 plus any IPsec VPNs (site-site or the discontinued Cisco IPsec client) up to 250 total.

To use more than the 2 included "SSL VPN" licenses you need to decide on either:

a. AnyConnect Essentials (one license covers all your AnyConnect clients up to the capacity of the ASA - 250 in your case) or

b. AnyConnect Premium (licensed per user in tiers of 10. 25. 50 etc.). Premium clients can (somewhat confusingly) either use the AnyConnect client (with premium features such as Dynamic Access Policies enabled) or the clientless method which only requires a web browser.

0 Helpful

Go to solution
lili Vachon
Level 1
Level 1
In response to Marvin Rhoads

‎12-04-2014 07:31 PM

Hello Marvin,

 

Thank you so much for the reply marvin. It explains very clear. Looks like anyconnect essentials is good for us.

 

a) I understand once we activate anyconnect essential, those 2 anyconnect  premium SSL VPN sessions will be disabled. So once we activate Anyconnect essential license  "If we have a bunch of other VPN's (including IPSEC ones), then these are taken from the existing 250 combined licenses and anyconnect will be connected from that existing 250 peers. Is that right?

 

b) Also could you please let me know does anyconnect client VPN requires Java in order to connect to our head quarters? If, yes could you please let me know minimum Java version it supports?

 

Thank you. 

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lili Vachon

‎12-05-2014 06:00 AM

You're welcome.

1. Yes

2. AnyConnect does not require Java but it can optionally use it when connecting to the an AnyConnect client-based SSL VPN and launching via the Java web start browser option. There were some bug with older AnyConnect versions bu the latest ones should have addresses that. You also have the option of launching via IE and using the ActiveX method or simply launching AnyConnect directly - neither of those two methods require Java.

Here is a TAC document on the Java issues if you want more detail.

 

Please take a moment to rate helpful posts and mark your questions as answered.

0 Helpful

Go to solution
lili Vachon
Level 1
Level 1
In response to Marvin Rhoads

‎12-05-2014 11:04 AM

Dear Marvin,

 

You were very helpful. It is good if we don't use any connect with Java. Because in our organization Oracle ERP is being used with old version of Java which is 1.6 and it is a big pain for us. If we install latest java for anyconnect Oracle ERP will not work. So shall we go ahead and purchase "Cisco L-ASA-AC-E-5510" part number for anyconnect essentials license. Could you please let me know its validity too?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lili Vachon

‎12-05-2014 11:20 AM

Yes, that's almost correct - when you buy the license separately, the part number has an "=" at the end.

It's actually the newer Java versions that can cause issues with the Web Launch bits. Java 1.6 should not give AnyConnect any problems.

0 Helpful

Go to solution
lili Vachon
Level 1
Level 1
In response to Marvin Rhoads

‎12-05-2014 05:31 PM

One last question. The license is valid for year or lifetime? 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lili Vachon

‎12-05-2014 07:29 PM

AnyConnect Essentials is a permanent license.

To be eligible to upgrade it, you need to have a current support contract for your ASA associated with your CCO (cisco.com) userid. 

Note that Cisco is in the process of changing AnyConnect licensing as of November 2014. The new AnyConnect Plus will replace Essentials (and Mobile) and will be offered is 1, 3, 5 year or perpetual license versions. More info is in the ordering guide.

0 Helpful

Go to solution
lili Vachon
Level 1
Level 1
In response to Marvin Rhoads

‎12-05-2014 10:55 PM

Thank you so much for the valuable reply. We will go ahead with Anyconnect essentials "L-ASA-AC-E-5510=" as it is easy to purchase from amazon or Ebay and it is being sell by Cisco. I cannot find anyconnect plus license on ebay or amazon. 

0 Helpful
Customers Also Viewed These Support Documents