Cisco VPN client and License

Mathieu GEFFROY · ‎01-23-2012

Hello,

We have a Cisco ASA 5520 with the VPN PLus License and 8.04 IOS installed, we want to set up vpn access to our users. We can use the cisco VPN client which works on WIndows Platform, but we also have MAC OS 10.7 which works only with Cisco Anyconnect.

I am a little bit lost with all the client and the license, actually we can't setup more than 2 vpn session with an Anyconnect client installed on MAC or Windows. The authentication is by Certificate, the first two connect fine, but the third one don't connect and prompt for a username / password.

I joined a SH VER of my ASA, if anyome can tell me what is wrong on the license or perhaps it's a configuration problem?

Thanks a lot for the answer.

Mathieu.

fw-eps-02# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.4(1)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

fw-eps-02 up 1 hour 36 mins

Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is c84c.75da.9a58, irq 9
1: Ext: GigabitEthernet0/1 : address is c84c.75da.9a59, irq 9
2: Ext: GigabitEthernet0/2 : address is c84c.75da.9a5a, irq 9
3: Ext: GigabitEthernet0/3 : address is c84c.75da.9a5b, irq 9
4: Ext: Management0/0       : address is c84c.75da.9a5c, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1433L0Y3
Running Activation Key: 0x3a17c153 0x8c141630 0xe0f3b5d4 0x86044ccc 0x47193392
Configuration register is 0x40 (will be 0x1 at next reload)
Configuration last modified by mgeffroy at 15:33:11.409 CEST Mon Jan 23 2012
fw-eps-02#

Jernej Vodopivec · ‎01-23-2012

why don't you use built-in client in mac osx? it supports certificate authentication also.

another solution would be to buy additional ssl vpn licences: there is a limit of two ssl vpn sessions by default.

Sent from Cisco Technical Support iPad App

ajay chauhan · ‎01-23-2012

https://supportforums.cisco.com/docs/DOC-13424

More Information is here .

Thanks

Ajay

Mathieu GEFFROY · ‎01-24-2012

Hello Ajay,

Thanks for your quick answer, I thought the VPN license was enough to use le Anyconnect client. I'm going to search the right license to use anyconnect client as we already deploy the client on each platform.

Regards,

Mathieu