No. of users for Anyconnect 4.0 licensing with ASA?

kunalchopra1992 · ‎04-15-2016

How is the number of users determined (i.e. AD groups, local accounts)

I cannot find anywhere how the ASA manages the technical details of "users" and matching them up with licenses. If the user database is not on the ASA, then how can it know the potential user count. What if I have over time connected 50 different users and I used up my licenses, but 25 of those users are no longer in the AD or LDAP or ISE or ACS...

Aditya Ganjoo · ‎04-15-2016

Hi Kunal,

ASA maintains the user sessions on the basis of session info which is tracked using the following command:

show vpn-sessiondb detail anyconnect

More info on this link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html#wp1101095

Regards,

Aditya

Please rate helpful posts and mark correct answers.

kunalchopra1992 · ‎04-17-2016

Thank you so much Aditya......

Aditya Ganjoo · ‎04-17-2016

Hi Kunal,

Glad to assist.

Please close the discussion if your query has been answered.

Thanks.

Regards,

Aditya

Marvin Rhoads · ‎04-16-2016

Aditya's answer covers currently connected users.

The ASA does not track or keep record of historical user counts. Thus there is no technical enforcement of that aspect of the current licensing model. Basically, it's the "honor system".

kunalchopra1992 · ‎04-17-2016

Thank you so much Marvin, It does make sense !