cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16609
Views
10
Helpful
7
Replies

Anyconnect VPN license on ASA 5510

smailmilak
Level 4
Level 4

Hi,

we have ASA 5510 with IPS and base license. Now we need Anyconnect support for more than 2 users.

Is for Anyconnect (tunnel-mode) only the Anyconnect Essentials license enough? Do I need a license for SSL VPN peers?

What about Anyconnect clientless, I see that I need a premium license?

Is this one enough ASA5510-SSL50-K9? It is really expensive in comparison with Anyconnect Essentials.

Here is my sh ver output:

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50       
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 0        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 250      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled

This platform has a Base license.

1 Accepted Solution

Accepted Solutions

Yes, AnyConnect Premium includes all the SSL features (this also includes the AnyConnect full tunnel mode - which is what AnyConnect Essential supports).

So if you purchase the 50 user license for AnyConnect Premium, you can have up to 50 concurrent SSL VPN connections, whether they are combination of all clientless, or combination of clientless and full tunnel, or just full tunnel. All with maximum of 50 concurrent SSL tunnels.

View solution in original post

7 Replies 7

Jennifer Halim
Cisco Employee
Cisco Employee

If you only need to run AnyConnect full tunnel mode, then AnyConnect Essential license is enough, and you can have up to 250 SSL concurrent connections.

However, if you need all the advance feature of AnyConnect (CSD, host scan, etc.), clientless SSL VPN as well as the AnyConnect full tunnel mode, then you would need to purchase AnyConnect premium license (and this is user base in the following increment: 10, 25, 50,100, 250).

And yes, AnyConnect Essential is considerably cheaper than AnyConnect Premium license.

Hope that answers your question.

So this does not mean that I need an adittional license in order to successfully use Anyconnect? I just buy Anyconnect Essentials, and I can have 250 simultaneous connections although in SH VER I have this:

sh ver


SSL VPN Peers                  : 2 

Is this right that if I buy a Anyconnect Premium license for 50 users than the SSL VPN Peers number will change to 50?

Is this the right part number?

ASA5510-SSL50-K9

Sorry, I need to be 100% sure before I place an order. The licensing is a little bit confusing.

From the output of show version, I don't see that AnyConnect Essential license has been enabled:

AnyConnect Essentials          : Disabled

You would need to get a new activation key to add the AnyConnect Essential feature enabled.

You can't have both AnyConnect Essential and AnyConnect Premium enabled on the same ASA. It will enable one and disable the other, so it can't be used at the same time.

Yes, if you buy ASA5510-SSL50-K9, and you already have AnyConnect Essential enabled on the ASA, when you enabled the ASA with the AnyConnect Premium, your AnyConnect Essential will get disabled. So it's one or the other, not both.

Question is:

- have you already purchased AnyConnect Essential? if you have, it doesn't seem to have been activated yet, as the show version output is showing AnyConnect Essentials as disabled.

- if you already purchased AnyConnect Essential, and you decide to purchase AnyConnect Premium with 50 users (ASA5510-SSL50-K9), then you can only turn on one or the other (not both at the same time).

No I have not purchased Anyconnect Essentials.

With Anyconnect Premium I will have the features that I get with Anyconnect Essentials too?

If I buy ASA5510-SSL50-K9 than I will be able to have in example 10 simultaneous Anyconnect sessions, and 20 Clientless sessions?

I found here that I get Essentials capabilites with the Premium license too.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494_ps10884_Products_Data_Sheet.html

•  Includes clientless SSL VPN, Cisco Secure Desktop capabilities  (including Host Scan), and support for Cisco AnyConnect Secure Mobility.  Provides Essentials capabilities, including Full Tunneling access to  enterprise applications
• License is based on number of simultaneous users, and is available as a single device or shared license
• Cisco AnyConnect Secure Mobility also requires a Cisco IronPort Web Security Appliance license

Yes, AnyConnect Premium includes all the SSL features (this also includes the AnyConnect full tunnel mode - which is what AnyConnect Essential supports).

So if you purchase the 50 user license for AnyConnect Premium, you can have up to 50 concurrent SSL VPN connections, whether they are combination of all clientless, or combination of clientless and full tunnel, or just full tunnel. All with maximum of 50 concurrent SSL tunnels.

Thank you very much.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: