VPN Licensing

cristianpop
Level 1

Hello everyone,

 

My company recently purchased the Cisco ASA 5512-X (ASA5512-K9, ASA5500-ENCR-K9) Firewall together with the AnyConnect Essentials VPN License (ASA-AC-E-5512) and the AnyConnect Mobile (ASA-AC-M-5512) License.

 

We planned on using the Cisco AnyConnect Secure Mobility Client on PCs and iOS Tablets. I have configured the device, everything is working fine except that the device does not accept more than 2 AnyConnect Clients at a time, although the AnyConnect Essentials VPN License is installed (250 Peers). The following error appears in the logs:

%ASA-4-113029: Group <VPN_AnyConnect_group_policy> User <xxxxx.xxxxx> IP <x.x.x.x> Session could not be established: session limit of 2 reached.
%ASA-4-113038: Group <VPN_AnyConnect_group_policy> User <xxxxx.xxxxx> IP <x.x.x.x> Unable to create AnyConnect parent session.

 

When connected, the clients appear to be using the Premium License:

Username     : xxxx.xxxxx          Index        : 1824
Assigned IP  : xxx.xxx.xxx.xxx          Public IP    : xx.xx.xx.xx
Protocol     : AnyConnect-Parent
License      : AnyConnect Premium

 

I have set up the client to use IPSec, IKEv2 with AES256, is this triggering the usage of the AnyConnect Premium License instead of the AnyConnect Essentials VPN License? I then tried the 'vpn-sessiondb max-session-limit' command but it doesn't allow me to put a limit above 2.

Below the Licensing info:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 250            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Disabled       perpetual

 

Cisco Adaptive Security Appliance Software Version 9.2(2)4

 

Any help is greatly appreciated,

 

3 Replies

Have you enabled the essentials-license under "webvpn"?

 

Have you enabled the license under "webvpn"?

webvpn
 anyconnect-essentials

Enabled anyconnect-essentials using the command:

webvpn
 anyconnect-essentials

 

All working fine now, clients appear to be using the correct License:

Username     : xxxxxx                 Index        : 1834
Assigned IP  : xxx.xxx.xxx.xxx           Public IP    : xxx.xxx.xxx.xxx
Protocol     : IKEv2 IPsecOverNatT AnyConnect-Parent
License      : AnyConnect Essentials

 

Thank you !
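
A check for the condition this thread diagnosed, as an added example that is not part of the original posts: it reads saved license, session and syslog text of the kind quoted above and flags sessions drawing on the 2-peer Premium pool while an Essentials license is installed. The sample inputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, modelled on the output quoted in the thread.
LICENSES = """\
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 250            perpetual
Total VPN Peers                   : 250            perpetual
"""
SESSIONS = """\
Username     : user.one             Index        : 1824
Protocol     : AnyConnect-Parent
License      : AnyConnect Premium
"""
SYSLOG = ("%ASA-4-113029: Group <VPN_AnyConnect_group_policy> User <user.three> "
          "IP <192.0.2.10> Session could not be established: "
          "session limit of 2 reached.\n")

def parse_licenses(text):
    """Map feature name -> value from the 'Licensed features' table."""
    rows = re.findall(r"^(.+?)\s*:\s*(\S+)\s+perpetual\s*$", text, re.M)
    return {name.strip(): value for name, value in rows}

def session_licenses(text):
    """License type reported for each session in the session listing."""
    return re.findall(r"^License\s*:\s*(.+?)\s*$", text, re.M)

def limit_hits(text):
    """Session limits quoted in %ASA-4-113029 rejections."""
    pat = r"%ASA-4-113029:.*session limit of (\d+) reached"
    return [int(n) for n in re.findall(pat, text)]

def diagnose(licenses, sessions, syslog):
    lic = parse_licenses(licenses)
    findings = []
    essentials = lic.get("AnyConnect Essentials", "Disabled")
    if essentials != "Disabled" and "AnyConnect Premium" in session_licenses(sessions):
        findings.append("essentials installed, sessions still use premium")
    premium = lic.get("AnyConnect Premium Peers", "")
    if premium.isdigit() and int(premium) in limit_hits(syslog):
        findings.append("rejections at the premium peer count")
    return findings

if __name__ == "__main__":
    for finding in diagnose(LICENSES, SESSIONS, SYSLOG):
        print("FINDING:", finding)
```

Both findings together match the situation in the thread before `anyconnect-essentials` was enabled under `webvpn`; after the fix the session listing reports `AnyConnect Essentials` and neither finding is raised.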