cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7769
Views
0
Helpful
1
Replies

How many max VPN session is my ASA

cwhlaw2009
Level 1
Level 1

This is my ASA5512 VPN show version

"Other VPN Peers : 250" mean I can use 250 IPSEC session ? If I use Cisco AnyConnect Secure Mobility Client still MAX 250 VPN session ?
"Total VPN Peers : 250" mean I can use 2 Anyconnect premium + 248 IPSEC session or 250 IPSEC session in same time ?

"AnyConnect for Mobile : Disabled" mean I can't use AnyConnect Secure Mobility Client (smartphone apps) connect to ASA by AnyConnect SSL ? Can I use AnyConnect Secure Mobility Client (smartphone apps) connect to ASA by IPSEC?

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual

THX

1 Accepted Solution

Accepted Solutions

Boris Uskov
Level 4
Level 4

Hello!

ASA5512 can hold up to 250 simultaneous VPNs of any type: IPsec Site-to-Site or IPsec Remote access, or Anyconnect VPNs using SSL or IPsec IKEv2, or even Clientless VPNs.

That means, that you can use 2 Anyconnect premium + 248 IPSEC Site-to-Site VPNs. Or, for example, 200 simultaneous IPsec Site-to-Site VPNs + 25 VPN Client (IPsec IKEv1) + 25 AnyConnect VPNs (SSL or IPsec IKE v2). But no more then 250 at the same time.

"AnyConnect for Mobile" is currently out-of-date license. The license schema for Anyconnect was changed dramatically at the beginning of 2015. You can check the new schema here:

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf

With new schema, if you need to connect mobile devices (iOS, Android and so on), using Anyconnect client, you just need to have Anyconnect PLUS license for neccessary amount of users/devices. Anyconnect Plus license will open following lines in the output of show version:

AnyConnect Premium Peers : 250 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual

But, in spite of the output "AnyConnect Premium Peers : 250 perpetual", you will have the right to use not more then ordered amount...

If you need some advanced features, for example, Suite B Cryptography or Clientless VPNs, you need to order Anyconnect Apex license for neccessary amount of users/devices.

For ASA5512 you need to order Anyconnect Plus or Apex licenses, but no more then for 250 users, because ASA5512 won't support more then 250 simultaneous connections.

If you want to use Anyconnect client for mobile devices, and you are going to use IPsec IKEv2 for VPNs, you also will need to order Anyconnect Plus or Apex licenses.

Hope this helps.

View solution in original post

1 Reply 1

Boris Uskov
Level 4
Level 4

Hello!

ASA5512 can hold up to 250 simultaneous VPNs of any type: IPsec Site-to-Site or IPsec Remote access, or Anyconnect VPNs using SSL or IPsec IKEv2, or even Clientless VPNs.

That means, that you can use 2 Anyconnect premium + 248 IPSEC Site-to-Site VPNs. Or, for example, 200 simultaneous IPsec Site-to-Site VPNs + 25 VPN Client (IPsec IKEv1) + 25 AnyConnect VPNs (SSL or IPsec IKE v2). But no more then 250 at the same time.

"AnyConnect for Mobile" is currently out-of-date license. The license schema for Anyconnect was changed dramatically at the beginning of 2015. You can check the new schema here:

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf

With new schema, if you need to connect mobile devices (iOS, Android and so on), using Anyconnect client, you just need to have Anyconnect PLUS license for neccessary amount of users/devices. Anyconnect Plus license will open following lines in the output of show version:

AnyConnect Premium Peers : 250 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual

But, in spite of the output "AnyConnect Premium Peers : 250 perpetual", you will have the right to use not more then ordered amount...

If you need some advanced features, for example, Suite B Cryptography or Clientless VPNs, you need to order Anyconnect Apex license for neccessary amount of users/devices.

For ASA5512 you need to order Anyconnect Plus or Apex licenses, but no more then for 250 users, because ASA5512 won't support more then 250 simultaneous connections.

If you want to use Anyconnect client for mobile devices, and you are going to use IPsec IKEv2 for VPNs, you also will need to order Anyconnect Plus or Apex licenses.

Hope this helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: