Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

Is this an AnyConnect Premium License?

We recently had an AnyConnect Premium license expire somehow... The first replacement license I received was for AnyConnect Essentials. I requested another license- specifically an AnyConnect Premium this time. Is that what this is? It doesn't explicitly say "Premium" (I am obtaining these licenses through a corporate support group and am not dealing with Cisco directly on this):

Activated License Features

Platform: ASA-5540 
Platform License: N/A 
Desired Host Limit: N/A 
Enable VPN-3DES-AES: Yes 
Enable GTP / GPRS: Yes 

Enable Advanced Endpoint Assessment: Yes 
Enable AnyConnect Mobile: Yes 
Enable AnyConnect Essentials: No 
Enable Botnet Traffic Filter: No
SSL VPN License Seats: 2500 
Security Contexts: 50 
UC Proxy Limit: 100 
Multi-Site Support: No 
Multi-Site Server: N/A 
Desired Multi-site SSL VPN License: N/A 
Cisco VPN Phone: Yes
Intercompany Media Engine: No 
Enable Cluster: Yes 
IPS Module: No 
Time-based License Length (weeks): Permanent

Thank you in advance

James Davies

what does the "sh license" command tell you?

it should say there what you have and how many anyconnect connections you can have.

Apparently no "show license" for ASA 9.1(6)6:

ASA# show li?
ERROR: % Unrecognized command

There is a "show shared license" without any output:

ASA# show shared license

The "show activation-key" after I loaded the key doesn't look too good to me:

This platform has an ASA 5540 VPN Premium license.

The flash permanent activation key is DIFFERENT from the running permanent key.
Flash Activation Key: 0x1a1ac554 0x8843feb4 0xd5236d6c 0xfbc0dc80 0x4623cda4 

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 0              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Disabled       perpetual
Encryption-3DES-AES               : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 0              perpetual
AnyConnect Essentials             : 2500           perpetual

Other VPN Peers                   : 0              perpetual
Total VPN Peers                   : 5000           perpetual

Marvin Rhoads
VIP Community Legend

That "show activation-key" output definitely indicates you do NOT have AnyConnect Premium.

By the way any new licenses going forward will be either AnyConnect Plus or Apex as far as purchasing goes.

The old Essentials and Premium packaging is no longer sold, even though it continues (for now) to be shown as such in the "show" outputs.

We use a lot of the new APEX licenses.  They are five year then you have to renew.  When you install an APEX license there is nothing in the configuration to show an "APEX" license.

Your "AnyConnect Premium Peers" will go up to max no matter how many APEX user licenses you installed.  Example is I installed an APEX 25 user license for a customer on an ASA5525.  Premium Peers went from 2 to 750.  It is my understanding that for number of  users on APEX it is on the honor system for now.  My installations bear this out.  


Apex (and Plus) licenses come in 1-, 3- and 5-year term subscription options. There is also a perpetual license offering for AnyConnect Plus.

You're correct that there's currently no technical enforcement of the license count. This will likely change at some point in the future.

Thanks.  We have been buying only the five year licenses.  I will have to call out my Cisco rep.  Thanks very much for the information.  I use ASA's a lot, but mostly as VPN (IPSEC only) Devices and rarely as a firewall.  A very laser like focus.  Big AnyConnect user and also strongSwan.  

We have purchased APEX25 user license but it seems it didn't take effect after applying the license key. it now shows AnyConnect Premium Peers : 750  but it only allows up to 4 concurrent anyconnect connections.

Are there some workaround on this?

orthicon2009  ,

Can you check to make sure you haven't enabled "anyconnect-essentials"?

('show run | i anyconnect')

To turn off:

 no anyconnect-essentials

And thanks Mr Rhoads for your input.  Although the question didn't arrive from me, you taught me that APEX can come in shorter period licenses 1,3,5.  We were getting the five year ones just because we thought that's all there was. 

Hi Marvin,

Here's the show run output from our firewall

# show run | i anyconnect
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 4
 anyconnect image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
 anyconnect profiles RA_VPN_PROF disk0:/ra_vpn_prof.xml
 anyconnect enable
  anyconnect profiles value RA_VPN_PROF type user

The command that's limiting you is:

vpn-sessiondb max-anyconnect-premium-or-essentials-limit 4

This command is mainly used in the old VPN clustering solution where we would spread VPN users across a set of firewalls and wanted to limit the number on a given firewall.

To get the full use of your licensed limit, you should enter:

no vpn-sessiondb max-anyconnect-premium-or-essentials-limit

Hi Marvin, Sorry for the late reply. VPN max concurrent session is working now. Thanks. :) BTW. I have another FW issue but I'll post it in another thread.

You're welcome. Please rate any helpful reply. 

Done. :)

Content for Community-Ad