cisco router, ios and anyconnect licensing

andrew_xfeel · ‎04-21-2016

HI ! My company not long ago bought one of the cisco routers, it is 1921 with security feature. I've setup firewall on it and would like to use vpn feature for remote workers to be able to connect to corporate servers, etc. I choose annyconnect, since the good old cisco's vpn client died along with win 10. Everything would be great, however after reading cisco's manuals I got lost because I don't know whether I can or not use anyconnect. my software is c1900-universalk9-mz.SPA.154-3.M2.bin, and when I looked to the CISCO FEATURE NAVIGATOR I found something like "ssl vpn anyconnect client support.

Can I configure it on the router? Or do I need to buy additional software to run? Please help, I need to setup vpn for my users.

Regards and thanks for all replies.

Andrew

Philip D'Ath · ‎04-21-2016

If you have a security licence the IOS then all the commands needed will be enabled. You also require an AnyConnect VPN client, otherwise you might be limited to two concurrent users.

You can check you have a security licence (and that it is enabled) with:

show license 
...
Index 2 Feature: securityk9 
 Period left: Life time
 License Type: Permanent
 License State: Active, In Use
 License Count: Non-Counted
 License Priority: Medium

andrew_xfeel · ‎04-22-2016

Thanks! "show license" gave me the following results. So according to my router it should be ok. How about Anyconnect VPN Client? Do I need to buy it? Or it is free to download? What do you mean by writing "otherwise you might be limited to two concurrent users"

And, which version of anyconnect should I download form cisco site ? I tried version 4.1 pkg, but in ccp I was given an info that this version is invalid for my router.

Basically, people must have access to the corporate network, be able to run software client that connects to mysql database located in internal network, access file server etc.(everything runs on windows 2012r2 )

I had the idea of running vpn server on windows 2012(and make zbf as pass-through)), but due to fact that I can only have two virtual machines on my physical server(yes, it's standard licence) I would have to put vpn server along with file or database resources, and don't know if it is safe.

show license:

Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: NtwkEssSuitek9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: hseck9
Index 7 Feature: mgmt-plug-and-play
Index 8 Feature: mgmt-lifecycle
Index 9 Feature: mgmt-assurance
Index 10 Feature: mgmt-onplus
Index 11 Feature: mgmt-compliance

Regards,

Philip D'Ath · ‎04-22-2016

To get the Cisco Anyconnect VPN client you need a current Cisco maintenance contract, such as a SmartNet. This gives you the ability to download AnyConnect from Cisco to either put onto your router for distribution to clients, or for you to distribute directly.

Fotiosmark · ‎09-11-2018

Hello Philip,

As well I am a bit confused on the licencing for anyconnect.
I have a cisco1841-advipservicesk9-mz.124-22.T1.bin
If I configure it for Webvpn it will get me the Eval licence. I am wondering if I buy a licence how to install it, or does it come as an IOS image from the cisco site embeded?

Thanks