License with AnyConnect on ASA 5520

Shibu1978
Level 1

Dear All,

We have a single ASA 5510 with version 7.2(3) in our network and have configured many IPsec site-to-site VPNs, IPsec remote access VPN and WebVPN with SSL. Everything is working well.

ASA-5510# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(2)

Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"

ASA-5510-1 up 86 days 11 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 0027.0d38.034e, irq 9
1: Ext: Ethernet0/1         : address is 0027.0d38.034f, irq 9
2: Ext: Ethernet0/2         : address is 0027.0d38.0350, irq 9
3: Ext: Ethernet0/3         : address is 0027.0d38.0351, irq 9
4: Ext: Management0/0       : address is 0027.0d38.0352, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : 250
WebVPN Peers                : 25

This platform has an ASA 5510 Security Plus license.

===============================================================================================

As business improves, we are now planning to upgrade our ASA 5510 to ASA 5520 (02 nos, ver 8.2(5)). With the new ASA 5520 we are planning to buy an AnyConnect VPN license as well.

Finally, on the ASA 5520 we will need IPsec site-to-site VPN, IPsec remote access VPN, clientless VPN with SSL and an AnyConnect VPN license. Which licenses should I purchase in order to have all the above services on the box with version 8.2(5)?

Suppose I need to have Cisco desktop software: which license should I have along with the other services?

Thanks in advance


Julio Carvajal
VIP Alumni

In order to have both SSL AnyConnect clients and clientless SSL, you should go for the AnyConnect Premium license.

Here is a brief description of this license:

These licenses are unrestricted and allow for client-based and client-less VPNs along with some advanced security features like Endpoint Assessments and Remote Host Scans.  The AnyConnect Premium scheme is tiered.  So the licensing starts at the 2 the ASA comes with.  You can then upgrade to 10, 25, 50, 100, 250, etc... until you reach the box max.

You will also be able to maintain your L2L tunnels.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for the response.

Meanwhile, with the AnyConnect Essentials VPN license I hope I can run all the above services (IPsec site-to-site VPN, IPsec remote access VPN, SSL AnyConnect clients) except clientless SSL VPN and Cisco desktop software. Please clarify, thanks.

Hello,

Exactly, you got it.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Dears,

The following license is now applied on the system. Below is the sh ver output from the device. I hope I can configure the AnyConnect client and clientless SSL on the system now. Please verify and update, thanks.

Failover                        : Enabled
Encryption-DES                  : Enabled
Encryption-3DES-AES             : Enabled
Security Contexts               : 2
GTP/GPRS                        : Disabled
AnyConnect Premium Peers        : 50
Other VPN Peers                 : 750
Advanced Endpoint Assessment    : Disabled
AnyConnect for Mobile           : Disabled
AnyConnect for Cisco VPN Phone  : Disabled
Shared License                  : Disabled
UC Phone Proxy Sessions         : Default
Total UC Proxy Sessions         : Default
AnyConnect Essentials           : Enabled
Botnet Traffic Filter           : Disabled
Intercompany Media Engine       : Disabled

These two entries indicate the license is installed.

AnyConnect Premium Peers        : 50
AnyConnect Essentials           : Enabled

Hello,

Please share:

show run webvpn

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I am away from the office. I will provide the same tomorrow.

Meanwhile, "L-ASA-SSL-50=ASA 5500 SSL VPN 50 Premium User License" is the license I have procured from Cisco. I need both AnyConnect VPN and clientless SSL to work on the system. I hope to achieve this with the above license.

Below is the output I got when I generated the license key. Please clarify. Thanks in advance.

Failover                        : Enabled
Encryption-DES                  : Enabled
Encryption-3DES-AES             : Enabled
Security Contexts               : 2
GTP/GPRS                        : Disabled
AnyConnect Premium Peers        : 50
Other VPN Peers                 : 750
Advanced Endpoint Assessment    : Disabled
AnyConnect for Mobile           : Disabled
AnyConnect for Cisco VPN Phone  : Disabled
Shared License                  : Disabled
UC Phone Proxy Sessions         : Default
Total UC Proxy Sessions         : Default
AnyConnect Essentials           : Disabled
Botnet Traffic Filter           : Disabled
Intercompany Media Engine       : Disabled

Hello,

You are good to go..

AnyConnect Premium Peers        : 50
AnyConnect Essentials           : Disabled

They will work.

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
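
The two license outputs posted in this thread differ only in the AnyConnect Essentials line. As an added example (not part of the original posts), this Python script parses the feature lines of the show version output and reports which of the services discussed here the license permits. The sample text is constructed from lines quoted above, and the handling of the case where Essentials and Premium both appear is an assumption based on Cisco's ASA licensing behaviour.

```python
# Added example: interpret the AnyConnect lines of an ASA "Licensed features" block.
# TEMPLATE is constructed sample text that reuses feature lines quoted in the thread.
TEMPLATE = """\
Encryption-3DES-AES             : Enabled
AnyConnect Premium Peers        : 50
Other VPN Peers                 : 750
Advanced Endpoint Assessment    : Disabled
AnyConnect for Mobile           : Disabled
AnyConnect Essentials           : {essentials}
"""
ESSENTIALS_ON = TEMPLATE.format(essentials="Enabled")
ESSENTIALS_OFF = TEMPLATE.format(essentials="Disabled")


def parse_features(text):
    """Return {feature: value} for every 'feature : value' line."""
    features = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() and value.strip():
            features[name.strip()] = value.strip()
    return features


def assess(text):
    """Map the license lines to the services the thread asks about."""
    f = parse_features(text)
    peers = f.get("AnyConnect Premium Peers", "0")
    premium = int(peers) if peers.isdigit() else 0
    essentials = f.get("AnyConnect Essentials") == "Enabled"
    if essentials and premium:
        # Assumption from Cisco's ASA licensing behaviour, not stated in the
        # thread: Essentials and Premium are not used at the same time, so the
        # webvpn section of the running config decides which one is in effect.
        clientless = "check show run webvpn"
    elif premium:
        clientless = "yes"
    else:
        clientless = "no"
    return {
        "premium_peers": premium,
        "anyconnect_client": bool(premium) or essentials,
        "clientless_ssl": clientless,
        "endpoint_assessment": f.get("Advanced Endpoint Assessment") == "Enabled",
        "anyconnect_mobile": f.get("AnyConnect for Mobile") == "Enabled",
    }


if __name__ == "__main__":
    for label, sample in (("Essentials on", ESSENTIALS_ON), ("Essentials off", ESSENTIALS_OFF)):
        print(label, assess(sample))
```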

Thanks

      

In future I hope I can get Cisco desktop software and an AnyConnect mobile license and run them on this platform. Please respond.

Hello,

Yes, that is possible

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC