12-18-2017 04:50 AM - edited 03-12-2019 04:50 AM
Hello
I could need some help in regards to AnyConnet running on a Multiple context ASA 5585-SSP10.
I think I have most of the configuration in place, but still I continously receive an error in regards to Apex licensing.
Group <anyconnect> User <someuser> IP <x.x.x.x> Session terminated, no AnyConnect Apex license available
I have the following configuration.
SYSTEM CONTEXT:
class anyconnect limit-resource VPN AnyConnect 75 ! context admin member anyconnect storage-url shared disk0:/anyconnect shared ! context somecontext member anyconnect allocate-interface TenGigabitEthernet0/9.220 storage-url shared disk0:/anyconnect shared config-url disk0:/somecontext.cfg join-failover-group 2
ADMIN CONTEXT
(I am actually not sure if this is needed anymore https://supportforums.cisco.com/t5/vpn/asa-9-6-2-anyconnect-in-multiple-context-mode/td-p/2970335):
webvpn anyconnect image shared:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 1 anyconnect image shared:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 2 anyconnect image shared:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 3 anyconnect enable
SOMECONTEXT CONTEXT
webvpn enable internet anyconnect image shared:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 1 anyconnect image shared:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 2 anyconnect image shared:/anyconnect-win-4.5.03040-webdeploy-k9.pkg 3 anyconnect profiles tech shared:/tech.xml anyconnect enable tunnel-group-list enable
A show ver in SOMECONTEXT
Cisco Adaptive Security Appliance Software Version 9.6(3)1 <context> Licensed features for this user context: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 75 perpetual Other VPN Peers : 0 perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual Botnet Traffic Filter : Disabled perpetual 10GE I/O : Enabled perpetual Cluster : Disabled perpetual Failover cluster licensed features for this user context: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 75 perpetual Other VPN Peers : 0 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Botnet Traffic Filter : Disabled perpetual 10GE I/O : Enabled perpetual Cluster : Disabled perpetual
Anyone have any idea as to what is wrong? Help would be greatly appreciated.
Solved! Go to Solution.
12-18-2017 07:19 AM
I do not see anything wrong with the config or with the show outputs.
The only theory I have is you have a failover, you did not install the license on the secondary and context you are trying to connect to via anyconnect is on the secondary.
CSCvd87479
12-18-2017 07:19 AM
I do not see anything wrong with the config or with the show outputs.
The only theory I have is you have a failover, you did not install the license on the secondary and context you are trying to connect to via anyconnect is on the secondary.
CSCvd87479
12-19-2017 12:33 AM
Hello
Thank you for your reply. I did actually find the same bug this evening and you are correct. The problem was due to failover setup and no license on secondary firewall (where context was running).
08-09-2019 04:43 AM
Hi everyone.
first of all i dont know im in the right place to ask or not, but i have exact same problem of this post.
im trying to configure Anyconnect client base with asa 5555x in multiple context mode.
here is some info about platform and licences:
I have 2 "AC-VPNO-25" installed on both 5555x
here is what image version is running on asa:
Cisco Adaptive Security Appliance Software Version 9.8(2)
context show ver output is:
Licensed features for this platform: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 5 perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 25 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 5000 perpetual Total VPN Peers : 5000 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Shared License : Disabled perpetual Total TLS Proxy Sessions : 2 perpetual Cluster : Enabled perpetual Cluster Members : 2 perpetual This platform has an ASA5555 VPN Premium license. Failover cluster licensed features for this platform: Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 10 perpetual Carrier : Disabled perpetual AnyConnect Premium Peers : 50 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 5000 perpetual Total VPN Peers : 5000 perpetual AnyConnect for Mobile : Enabled perpetual AnyConnect for Cisco VPN Phone : Enabled perpetual Advanced Endpoint Assessment : Enabled perpetual Shared License : Disabled perpetual Total TLS Proxy Sessions : 4 perpetual Cluster : Enabled perpetual
im still getting following errors:
<Anyconnect-GroupPolicy> User <xxx> IP <xxx> Session terminated, no AnyConnect Apex license available
it seems my VPN Resource Allocation works fine also
--------------------------------------------------------------------------- VPN Licenses and Configured Limits Summary --------------------------------------------------------------------------- Status : Installed : Burst : Limit ----------------------------------------- AnyConnect Premium : ENABLED : 25 : 15 : NONE Other VPN (Available by Default) : ENABLED : 0 : 0 : NONE AnyConnect for Mobile : ENABLED(Requires Premium or Essentials) Advanced Endpoint Assessment : ENABLED(Requires Premium) AnyConnect for Cisco VPN Phone : ENABLED VPN-3DES-AES : ENABLED VPN-DES : ENABLED ---------------------------------------------------------------------------
I would be greatly appreciated if anyone can help me.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: