Solved: Re: How Many Anyconnect Plus/Apex License do i need to buy for a FTD HA pair - Page 2

Jing Hong Li · ‎04-26-2018

Hi All,

Just want to know how many anyconnect Plus/Apex License do i need to buy for a FTD HA pair ?

one each anyconnect License for FTD in a HA pair, or just buy one for the FTD primary ?

Thanks!

Marvin Rhoads · ‎05-03-2019

Remote access VPN ("AnyConnect") on ASA can be configured to use SSL or IPsec (with IKEv2). Those both require AnyConnect licenses.

IPsec IKEv1 can be configured but it uses the legacy (long end of sales and not supported) Cisco VPN client (or a 3rd party client like Shrewsoft) .

drivera_ · ‎05-06-2019

Thank you so much for your answer. What about IPsec-IKEv2 with anyconnect? Can I chose only that option (no chosing SSL) for creating an anyconnect vpn profile on FTD? should I chose both SSL and IPsec-IKEv2 for anyconnect vpn works? I've been trying to do that but anyconnect client always said "connection attempt failed".

Marvin Rhoads · ‎05-06-2019

Whatever transport protocol you use, it requires AnyConnect licensing on the FTD appliance.

It is possible to use IPsec IKEv2 only (albeit still with licenses); but it's generally much more challenging as some bits that we normally take for granted (such as the web portal for initial connection and client profile updates) rely on SSL/TLS and disabling that altogether makes those components non-functional.

drivera_ · ‎05-21-2019

Hi, Marvin

Thank you for your answer. It's more clear now.