03-28-2020 03:58 AM - edited 03-28-2020 04:27 AM
Dear team, I have a question need your help.
I have CISCO FPR2130-ASA-K9 and License L-FPR2130T-TMC=. I want to ask you guys how many SSL license free in this Firewall?
May I have the documentation to find out?
Thanks you guys
Solved! Go to Solution.
03-29-2020 11:23 PM - edited 03-30-2020 12:50 AM
AnyConnect Plus gives you all the basic remote access VPN features.
Apex adds compliance and remediation (posture checking capability - for use with ASA headend or ISE), clientless SSL VPN (for ASA only), Next Generation Encryption (Suite B), ASA multicontext-mode remote access and SAML Authentication. So order it if you require any of those features.
Full details can be found here:
http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf
03-28-2020 07:33 AM - edited 03-28-2020 07:36 AM
The FPR2130-ASA-K9 part number indicates you are running ASA software image on the appliance.
The L-FPR2130T-TMC= part number is for 2130 appliance running Firepower Threat Defense (FTD) image. That part number doesn't give any remote access VPN licensing - only Threat (IPS), Malware (AMP) and Content (URL) Filtering licensing.
If you are running ASA image it includes the ability to support 2 remote access VPN clients (most commonly configured as SSL VPN but can support IPsec IKEv2 as well). However it does not include any right to download the required AnyConnect client software image. This is the case for any appliance running ASA image - no matter what platform.
If you are running FTD image you cannot even configure remote access VPN without AnyConnect Smart licensing first being active on the device.
03-28-2020 08:30 AM
Hi Mr Marvin Rhoads
Thank you for your answer.
So the FPR2130-ASA-K9 support 2 remote access VPN clients ( SSL VPN / IPsec IKEv2 ) by default ( No need to buy license) ?
and I need to buy AnyConnect Smart licensing to configure remote access VPN or it is the default in FPR2130-ASA-K9 with License L-FPR2130T-TMC=?
Am i said correct?
Thank you sir!
FPR2130-ASA-K9 with License L-FPR2130T-TMC=
03-29-2020 04:13 AM
No matter what headend you are using (one running ASA image or one running FTD image) you need AnyConnect licensing to be entitled to obtain the necessary software images for the clients. Those images must be present on the ASA or FTD device.
If you had the old ASA appliance they used to ship with an old AnyConnect 3.x image on them. Thus you could use that with the 2 allowed connections. New ASA appliances, including ASA image running on Firepower appliance do not include the AnyConnect software.
Repeating what I said earlier, license L-FPR2130T-TMC= is NOT for the FPR2130-ASA-K9.
Bottom line - you need licensing. Either purchased through the normal channels or (for now) you can take advantage of the offer from Cisco for free 90 day licensing as part of the COVID-19 response:
03-29-2020 07:58 PM
03-29-2020 08:16 PM
No, the NGFW (i.e. FTD image) SKUs have zero free remote access VPN licenses.
As I noted earlier "If you are running FTD image you cannot even configure remote access VPN without AnyConnect Smart licensing first being active on the device."
Your Smart account must have AnyConnect licenses available and assigned to the device before you even begin configuring remote access VPN (using either SSL or IPsec IKEv2 as the transport).
03-29-2020 09:29 PM
Hi Sir, thank you for helping me. Please help me one more question.
So it mean, anyconnect plus is enough? or require Anyconnect Apex
03-29-2020 11:23 PM - edited 03-30-2020 12:50 AM
AnyConnect Plus gives you all the basic remote access VPN features.
Apex adds compliance and remediation (posture checking capability - for use with ASA headend or ISE), clientless SSL VPN (for ASA only), Next Generation Encryption (Suite B), ASA multicontext-mode remote access and SAML Authentication. So order it if you require any of those features.
Full details can be found here:
http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide