07-04-2020 02:41 AM
Hi everyone
First of all i hope you all are safe from this pandemic.
I saw following link about "Emergency COVID-19 AnyConnect License". would you please anyone confirm this procedure is working for multiple context ASA-SM also? and what part numbers should i order after 90 days?
For the record, I am using 2 ASA-SM in multiple context mode. i have a RA-Context for Anyconnect.
L-AC-APX-3Y-S1 -> Cisco AnyConnect Apex License, 3YR, 25-99 Users
L-AC-APX-LIC= -> Cisco AnyConnect Apex Term License, Total Authorized Users
L-AC-PLS-3Y-S1 -> Cisco AnyConnect Plus License, 3YR, 25-99 Users
L-AC-PLS-LIC= -> Cisco AnyConnect Plus Term License, Total Authorized Users
Thanks in advance.
Solved! Go to Solution.
07-05-2020 04:41 AM
As you discovered, using remote access SSL VPN with multiple context mode on any ASA platform requires AnyConnect Apex licensing.
You cannot use AnyConnect Plus licensing of any type (term or perpetual).
AnyConnect 4.x term license PAKs can be redeemed on multiple physical appliances as it is licensed per unique user not per device. So you buy licenses according to the number of users you have and then redeem the single PAK for both the Primary and Secondary unit in your HA pair.
07-04-2020 05:40 AM
Both will do the same job - here is FAQ :
07-04-2020 11:05 PM
Thanks for your replay balaji.bandi,
looks like my multiple context asa-sm clearly need AnyConnect Apex.
here is the log:
Group <XXXXX> User <XXX> IP <x.x.x.x> Session terminated, no AnyConnect Apex license available.
also i find out in many documents that apex license is required for Anyconnect in multiple context mode.
if they both doing same job, is it possible to get AnyConnect Plus perpetual license instead of Apex Term License in multiple context scenario?
And just one more question. Should i order AnyConnect Plus/Apex Licenses for each pair of physical asa-sm separately in case of failover or just for primary asa-sm. what is the exact procedure?
There is two way in my mind, i don't know which way should i go.
1-if i get 2 separate PAK and active one with active asa-sm serial number and second one with standby unite serial number.
2-order 1 PAK, in time of activation i should register both active and standby units serial numbers in one PAK activation, and install lic file/activation code on both chassis.
would you please help which one is the correct approach?
Thanks for you time.
07-05-2020 01:14 AM
APEX most of the time used for posture checks, are you doing in your environment :
Can you give us more information before we can guide better - i have only provided the use case of the license information you have asked in the original post.
Please do explain more about your setup - apart from multi-context.
or contact the License team / Local cisco partner they can suggest to you better after auditing your environment.
07-05-2020 04:41 AM
As you discovered, using remote access SSL VPN with multiple context mode on any ASA platform requires AnyConnect Apex licensing.
You cannot use AnyConnect Plus licensing of any type (term or perpetual).
AnyConnect 4.x term license PAKs can be redeemed on multiple physical appliances as it is licensed per unique user not per device. So you buy licenses according to the number of users you have and then redeem the single PAK for both the Primary and Secondary unit in your HA pair.
07-05-2020 07:34 AM
Thank you Marvin Rhoads, that was a clear crystal answer like ever sir. I am going to get an Emergency COVID-19 AnyConnect License first after that i hope we can order apex license to continue our business.
Thanks for your time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide