12-19-2014 01:42 AM
Hello everyone,
My company recently purchased the Cisco ASA 5512-X (ASA5512-K9, ASA5500-ENCR-K9) Firewall together with the AnyConnect Essentials VPN License (ASA-AC-E-5512) and the AnyConnect Mobile (ASA-AC-M-5512) License.
We planned on using the Cisco AnyConnect Secure Mobility Client on PCs and iOS Tablets. I have configured the device, everything is working fine except that the device does not accept more then 2 AnyConnect Clients at a time, altough the AnyConnect Essentials VPN License is installed (250 Peers). The following error appears in the logs:
%ASA-4-113029: Group <VPN_AnyConnect_group_policy> User <xxxxx.xxxxx> IP <x.x.x.x> Session could not be established: session limit of 2 reached.
%ASA-4-113038: Group <VPN_AnyConnect_group_policy> User <xxxxx.xxxxx> IP <x.x.x.x> Unable to create AnyConnect parent session.
When connected, the clients appear to be using the Premium License:
Username : xxxx.xxxxx Index : 1824
Assigned IP : xxx.xxx.xxx.xxx Public IP : xx.xx.xx.xx
Protocol : AnyConnect-Parent
License : AnyConnect Premium
I have set up the client to use IPSec, IKEv2 with AES256, is this triggering the usage of the AnyConnect Premium License instead of the AnyConnect Essentials VPN License? I the tried the 'vpn-sessiondb max-session-limit' command but it doesn't allow me to put a limit above 2.
Below the Licensing info:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Any help is greatly appreciated,
12-19-2014 01:54 AM
Have you enabled the essentials-license under "webvpn"?
12-19-2014 01:55 AM
Have you enabled the license under "webvpn"?
webvpn anyconnect-essentials
12-19-2014 02:44 AM
Enabled anyconnect-essentials using the command:
webvpn anyconnect-essentials
All working fine now, clients appear to be using the correct License:
Username : xxxxxx Index : 1834
Assigned IP : xxx.xxx.xxx.xxx Public IP : xxx.xxx.xxx.xxx
Protocol : IKEv2 IPsecOverNatT AnyConnect-Parent
License : AnyConnect Essentials
Thank you !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide