Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1812
Views
0
Helpful
2
Replies

The Right AnyConnect License

ZallafIT27170
Level 1
Level 1

‎06-20-2019 01:07 AM - edited ‎02-21-2020 09:41 PM

Hi,

We have ASA 5516-x firewalls deployed, and we are planning to provide AnyConnect VPN access to more employees but we are not sure about the right license to purchase to achieve our goal.

 

The current licensed features of the firewalls are:

 

Maximum Physical Interfaces             : Unlimited      perpetual

Maximum VLANs                               : 150            perpetual

Inside Hosts                                      : Unlimited      perpetual

Failover                                             : Active/Active  perpetual

Encryption-DES                                : Enabled        perpetual

Encryption-3DES-AES                      : Enabled        perpetual

Security Contexts                             : 2              perpetual

Carrier                                              : Disabled       perpetual

AnyConnect Premium Peers              : 4              perpetual

AnyConnect Essentials                      : Disabled       perpetual

Other VPN Peers                               : 300            perpetual

Total VPN Peers                                : 300            perpetual

AnyConnect for Mobile                     : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment       : Disabled       perpetual

Shared License                                 : Disabled       perpetual

Total TLS Proxy Sessions                   : 1000           perpetual

Botnet Traffic Filter                             : Disabled       perpetual

Cluster                                               : Enabled        perpetual

Cluster Members                                : 2              perpetual

VPN Load Balancing                           : Enabled        perpetual

 

We configured the firewall so the VPN users are added/deleted on our Active Directory server not on the ASA itself, and we would like to keep it that way. We also need to be able to have the capability to provide the VPN connectivity for 50 users at any moment. So we need help getting answers for the following questions:

 

  • If we would decide to go for VPN Only license option, what would be the right product name of the license?
  • If we would decide to go for the other option, should we go for AnyConnect Plus License or AnyConnect Apex License? And in this case, how would this license work with the Active Directory? Also, the list of users that would be granted a VPN access is not a fixed one; so, we would need to add/delete users all the time. Is this would be possible if we go for AnyConnect Plus or Apex Licenses that provide access to specific number of unique users?

Thanks in advance.

 

0 Helpful
2 Replies 2

ZallafIT27170
Level 1
Level 1
In response to Mohammed al Baqari

‎06-20-2019 04:15 AM

Thanks for the links. I read them before posting my question but I didn't find the answers that we need.
0 Helpful
Customers Also Viewed These Support Documents