Q. Can I buy a perpetual AnyConnect license? Can you tell me more about AnyConnect VPN Only and AnyConnect Plus Perpetual?
A. Yes. AnyConnect Plus is offered as a perpetual license in addition to the 1, 3 or 5 year terms.
Cisco also offers a perpetual VPN-only license. This provides the equivalent functionality of prior AnyConnect Premium plus Advanced Endpoint Assessment plus Mobile plus Phone VPN.
The VPN-only Licenses are designed for VPN only environments that have a large number of potential end users but very infrequent use (e.g. university with 10,000 students but with only 100 active users at any one time). With either the Plus Perpetual or VPN-only licenses, you must separately purchase support services or you will not be eligible to access software or tech support.
AnyConnect VPN Only is licensed based on a single headend device and simultaneous connections (not authorized users). For active/standby pairs, only the primary headend is required to have a VPN Only license. VPN Only licenses are an alternative to the AnyConnect Plus and Apex model. No other AnyConnect function or service (Web Security Module, ISE Posture, Network Visibility, ASA Multi-context VPN, etc) is available with the AnyConnect VPN Only licenses. VPN Only licenses do support Clientless SSL VPN, third party IPsec IKEv2, Suite B and VPN HostScan with an ASA. The VPN Only licenses cannot be transferred, rehosted, shared, combined, split, or directly upgraded to another VPN Only license size. These licenses do not coexist with Plus or Apex licensing or any retired AnyConnect licenses.
Both VPN Only and Plus Perpetual licenses require a SWSS contract on all head-ends in order to be eligible for SW access, updates, and techical support.
Q. Are there any additional limitations of the AnyConnect VPN-only licenses?
A. Yes. The AnyConnect VPN-only licenses are concurrent endpoint based vs total active user with AnyConnect Plus and Apex. The VPN-only are applied per individual ASA and there is no sharing of licenses between ASAs, unlike AnyConnect Plus and Apex, which provide this capability. For active/standby pairs, only the primary headend is required to have a VPN Only license. The VPN-only licenses are not portable, which means that when a new ASA is purchased additional licenses also need to be purchased. VPN-only license are not additive meaning that you can’t start with a set number of licenses (e.g. 500 at time x) and then increase capacity over time (e.g. add 100 more at time x + y). Nor can they be bought to service burst capacity requirements. And as mentioned previously, VPN-only licenses require the purchasing of support services whereas support is built into the term contracts for AnyConnect Plus and Apex.
A. The AnyConnect Plus and Apex model is based on total authorized users that will make use of any AnyConnect service, not simultaneous connections (either on a per-ASA or shared basis) and not total active remote access users. As such, a user can connect with as many devices as he / she wants as long as the you have available hardware capacity and have not exceeded your purchased authorized user count. It is your responsibility to purchase additional authorized user licenses if their usage needs increase. If you currently support 30K simultaneous user connections but have 50K users who need AnyConnect services, you would be required to buy a 50K license. If you have 100K users who need AnyConnect services, you would be required to buy a 100K license. For unattended environments where there are not really individual users on the other side of a connection, each unattended device is considered a unique user.
Join us for a detailed discussion of the integrations between Cisco Secure Email and SecureX. We’ll share the various ways that SecureX provides greater visibility across the Cisco Security landscape and demonstrate how Secure Email is the ...
ISE 2.7 FCS
To display default country code and Place holder customization please follow the below steps.
Upload the attached js file in Custom Portal Files.
Go to portal and add the below script in the Registration Form pag...
Part 1: The Basics
Hard-copy printing may feel very “old school” now, but a recent flurry of activity related to the print spooler service on Windows operating systems has brought one of the oldest IT applications back into the spotlight again. Our...
Python on Cisco Secure Email
The Python package used in our appliances is not a standard deployment --- just like AsyncOS is not your typical FreeBSD (a free and open-source Unix-like operating system descended from the Berkeley Software Distributio...
Wireless Controller WLC integration with Cisco ISE for access control through 802.1X is one of the most popular deployment in the network security field. Now is the employee PC safe after the authentication and authorization?even after the posture o...