12-18-2017 04:50 AM - edited 03-12-2019 04:50 AM
Hello
I could need some help in regards to AnyConnet running on a Multiple context ASA 5585-SSP10.
I think I have most of the configuration in place, but still I continously receive an error in regards to Apex licensing.
Group <anyconnect> User <someuser> IP <x.x.x.x> Session terminated, no AnyConnect Apex license available
I have the following configuration.
SYSTEM CONTEXT:
class anyconnect limit-resource VPN AnyConnect 75 ! context admin member anyconnect storage-url shared disk0:/anyconnect shared ! context somecontext member anyconnect allocate-interface TenGigabitEthernet0/9.220 storage-url shared disk0:/anyconnect shared config-url disk0:/somecontext.cfg join-failover-group 2
ADMIN CONTEXT
(I am actually not sure if this is needed anymore https://supportforums.cisco.com/t5/vpn/asa-9-6-2-anyconnect-in-multiple-context-mode/td-p/2970335):
webvpn anyconnect image shared:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 1 anyconnect image shared:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 2 anyconnect image shared:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 3 anyconnect enable
SOMECONTEXT CONTEXT
webvpn enable internet anyconnect image shared:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 1 anyconnect image shared:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 2 anyconnect image shared:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 3 anyconnect profiles tech shared:/tech.xml anyconnect enable tunnel-group-list enable
A show ver in SOMECONTEXT
Cisco Adaptive Security Appliance Software Version 9.6(3)1 <context> Licensed features for this user context: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 75 perpetual Other VPN Peers : 0 perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual Botnet Traffic Filter : Disabled perpetual 10GE I/O : Enabled perpetual Cluster : Disabled perpetual Failover cluster licensed features for this user context: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 75 perpetual Other VPN Peers : 0 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Botnet Traffic Filter : Disabled perpetual 10GE I/O : Enabled perpetual Cluster : Disabled perpetual
Anyone have any idea as to what is wrong? Help would be greatly appreciated.
Solved! Go to Solution.
12-18-2017 07:19 AM
I do not see anything wrong with the config or with the show outputs.
The only theory I have is you have a failover, you did not install the license on the secondary and context you are trying to connect to via anyconnect is on the secondary.
CSCvd87479
12-18-2017 07:19 AM
I do not see anything wrong with the config or with the show outputs.
The only theory I have is you have a failover, you did not install the license on the secondary and context you are trying to connect to via anyconnect is on the secondary.
CSCvd87479
12-19-2017 12:33 AM
Hello
Thank you for your reply. I did actually find the same bug this evening and you are correct. The problem was due to failover setup and no license on secondary firewall (where context was running).
08-09-2019 04:43 AM
Hi everyone.
first of all i dont know im in the right place to ask or not, but i have exact same problem of this post.
im trying to configure Anyconnect client base with asa 5555x in multiple context mode.
here is some info about platform and licences:
I have 2 "AC-VPNO-25" installed on both 5555x
here is what image version is running on asa:
Cisco Adaptive Security Appliance Software Version 9.8(2)
context show ver output is:
Licensed features for this platform: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 5 perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 25 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 5000 perpetual Total VPN Peers : 5000 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Shared License : Disabled perpetual Total TLS Proxy Sessions : 2 perpetual Cluster : Enabled perpetual Cluster Members : 2 perpetual This platform has an ASA5555 VPN Premium license. Failover cluster licensed features for this platform: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 10 perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 50 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 5000 perpetual Total VPN Peers : 5000 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Shared License : Disabled perpetual Total TLS Proxy Sessions : 4 perpetual Cluster : Enabled perpetual
im still getting following errors:
<Anyconnect-GroupPolicy> User <xxx> IP <xxx> Session terminated, no AnyConnect Apex license available
it seems my VPN Resource Allocation works fine also
--------------------------------------------------------------------------- VPN Licenses and Configured Limits Summary --------------------------------------------------------------------------- Status : Installed : Burst : Limit ----------------------------------------- AnyConnect Premium : ENABLED : 25 : 15 : NONE Other VPN (Available by Default) : ENABLED : 0 : 0 : NONE AnyConnect for Mobile : ENABLED(Requires Premium or Essentials) Advanced Endpoint Assessment : ENABLED(Requires Premium) AnyConnect for Cisco VPN Phone : ENABLED VPN-3DES-AES : ENABLED VPN-DES : ENABLED ---------------------------------------------------------------------------
I would be greatly appreciated if anyone can help me.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide