Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2058
Views
0
Helpful
4
Replies

Memory requirement for anyconnect VPN on ASA?

SIMMN
Spotlight
Spotlight

‎04-09-2012 07:30 AM - edited ‎02-21-2020 06:00 PM

Hey,  all

If you have experience with Cisco anyconnect VPN on ASA, please share some light.

I am trying to load the anyconnect VPN client package v3 for windows and Mac on ASA 5510. The ASA has 256MB for RAM and Flash. After I uploaded pkg files and selected the 2 files and applied from ASDM, ASDM spots responding...

I tried to tftp the running config from ASA to my laptop to analyse but got "No memory available" message...

So it seems like the "unzip" process of the pkg files used up memory... what is really the requirement of the mini Memory/RAM on ASA for hosting anyconnect Clients for 2 OS platform? Requirement on Cisco web site is kind of vague.

Thanks.

/S

Labels:
0 Helpful
4 Replies 4

Javier Portuguez
Level 9
Level 9

‎04-12-2012 07:40 PM

Dear Shuai,

Could you please include the "show version" output (remove the serial number)?

We need to know the code version of the ASA vs the hardware capabilities.

Even though the AnyConnect client 3.x connects fine to almost any ASA running 8.x, the package is intended for 8.4 since many features / components are too advanced for previous releases.

So, do you need the 3.x release? Is there any special feature?

At this point, I would suggest trying with 2.5.

Please let me know if you have any questions.

Thanks.

0 Helpful

SIMMN
Spotlight
Spotlight
In response to Javier Portuguez

‎04-13-2012 05:04 AM

Hey, Javier

Before I jump on ASA to capture the command output, can you help me confirm if anyconnect VPN is a licensed feature?

Thanks,

0 Helpful

Javier Portuguez
Level 9
Level 9
In response to SIMMN

‎04-13-2012 05:18 AM

Hi Shuai,

A Base license allows two simultaneous SSL connections (AnyConnect or WebVPN).

To increase that number you would need to pruchase a license.

http://www.cisco.com/en/US/docs/security/asa/asa82/license/license82.html#wp115318

So, yes it is a licensed feature, but the ASA gives the chance to connect up to two connections prior to purchasing more licenses.

I hope it helps.

0 Helpful

SIMMN
Spotlight
Spotlight
In response to Javier Portuguez

‎04-13-2012 05:30 AM

Here is the output from the "sh ver" on my test ASA:

+++++++++++++++++++++++++++++++++++++++++++++++

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(7)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 18 hours 14 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

0: Int: Internal-Data0/0    : address is 0021.55fb.04d5, irq 11
1: Ext: Ethernet0/0         : address is 0021.55fb.04cd, irq 255
2: Ext: Ethernet0/1         : address is 0021.55fb.04ce, irq 255
3: Ext: Ethernet0/2         : address is 0021.55fb.04cf, irq 255
4: Ext: Ethernet0/3         : address is 0021.55fb.04d0, irq 255
5: Ext: Ethernet0/4         : address is 0021.55fb.04d1, irq 255
6: Ext: Ethernet0/5         : address is 0021.55fb.04d2, irq 255
7: Ext: Ethernet0/6         : address is 0021.55fb.04d3, irq 255
8: Ext: Ethernet0/7         : address is 0021.55fb.04d4, irq 255
9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : 8        
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : 50       
Failover                       : Disabled
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
SSL VPN Peers                  : 2        
Total VPN Peers                : 10       
Dual ISPs                      : Disabled 
VLAN Trunk Ports               : 0        
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has a Base license.

Serial Number: *******
Running Activation Key: ************
Configuration register is *

+++++++++++++++++++++++++++++++++++++++++++++++

BTW, there is no specific reason on why V3 of the anyconnect. It is just showing up as the latest one when I downloaded the package files.

Thanks,

0 Helpful
Customers Also Viewed These Support Documents