ASA 5505 - SSL WebVPN License

Answered Question
Dec 28th, 2012

Hi Experts ,

I am planning to set up Clientless Web VPN on our ASA 5505 for secure access to an internal web resource from outside.

When I checked the licensing details on the ASA using #sh ver I could notice that Web VPN peers allowed is only 2

Does this mean that only two clientless simultaneous connections are possible?

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0

This platform has a Base license.

Please help !

Regards,

Anup 

Jouni Forss Sat, 12/29/2012 - 02:52

Hi,

The VPN licensing part has for me always been the thing that seemed most "complicated".

It seems you have a Base License and probably have not acquired any sort of SSL VPN License.

At current you can use 2 concurrent SSL VPN connections (AnyConnect or Clientless/WebVPN).

After this you have to my understanding 2 options regarding SSL VPN. (Though the other doesn't include Clientless/WebVPN anymore, so not really an option for you I guess)

One is AnyConnect Essentials that maxes out the AnyConnect peer limit on the ASA...BUT...to my understanding it takes away all the Clientless / WebVPN peer capabilities.

Then there's AnyConnect Premium license that allows the use of both AnyConnect and Clientless/WebVPN but you will still need to buy license upgrades to get the needed amount of concurrent VPN peers. I think the limits went something like 10 users, 25 users, 50 users and so on.

If the above is still true then I imagine if you need more than 2 users you have to get the Premium license. I don't normally handle a lot of the licensing stuff on our ASAs myself and rather get the devices already with the correct licenses when they end up with me for configurations.

- Jouni

anupsasikumar Sat, 12/29/2012 - 03:41

Hi Jouni,

Thank you for the information. So according to that only two users will be able to access the Web portal from outside simultaneously if I am not upgrading the license. Am I correct?

Regards,

Anup

Correct Answer
Jouni Forss Sat, 12/29/2012 - 03:56

Hi,

Yes, this is my understanding at least. I would still confirm this from the party that is selling you the license if planning to get a license to enable more users so you can be sure that you get the right thing for your needs.

Here's a table of the different licenses for the ASA5505 (even though they are not the VPN licenses exactly but all of them show only 2 SSL VPN peers)

| Cisco ASA 5505 Solution Description | Firewall/VPN Performance | Part Number |
|---|---|---|
| Cisco ASA 5505 10-user bundle. Includes 10-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot | 150 Mbps/100 Mbps | ASA5505-BUN-K9 |
| Cisco ASA 5505 50-user bundle. Includes 50-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot | 150 Mbps/100 Mbps | ASA5505-50-BUN-K9 |
| Cisco ASA 5505 unlimited user bundle. Includes unlimited user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot | 150 Mbps/100 Mbps | ASA5505-UL-BUN-K9 |
| Cisco ASA 5505 Security Plus bundle. Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot | 150 Mbps/100 Mbps | ASA5505-SEC-BUN-K9 |

Source:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Here's also a better link that does seem to list a lot of the capabilities of the ASA5500 series (and also includes some part numbers)

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39.html

EDIT: Seems ASA5505 only supports 25 VPN Clients (of any type) MAX

- Jouni

Jouni Forss Sat, 12/29/2012 - 04:01

Also,

Seems you are running an older software for example compared to my own ASA at home.

I have an ASA5505 with Base license running 8.4(3)

Here's my "show version". The output is different because of the version. Seems you are running 8.2 or below on your ASA5505. But I'd imagine our Licenses are currently identical.

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has a Base license.
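
Added example, not part of the original thread or any Cisco tooling: a small Python parser that reads the "Licensed features" block in either of the two "show version" layouts quoted above and reports whether the SSL VPN peer count covers a required number of clientless sessions. The sample texts are constructed (trimmed from the outputs in the thread), the function names are hypothetical, and the Essentials rule follows the thread's stated understanding.

```python
import re

# Constructed samples: trimmed copies of the two "show version" outputs in the thread.
OLD_FORMAT = """Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
VPN Peers                   : 10
WebVPN Peers                : 2
This platform has a Base license.
"""
NEW_FORMAT = """Licensed features for this platform:
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
This platform has a Base license.
"""

# "name : value [extra columns]" -> capture the name and the first value token.
FEATURE = re.compile(r"^\s*([^:]+?)\s*:\s*(\S+)")

def parse_license(text):
    """Return {feature name: value} for the 'Licensed features' block."""
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features for this platform"):
            in_block = True
        elif line.startswith("This platform has"):
            break
        elif in_block and (m := FEATURE.match(line)):
            value = m.group(2).rstrip(",")  # old layout prints "3, DMZ Restricted"
            features[m.group(1)] = int(value) if value.isdigit() else value
    return features

def ssl_vpn_summary(text, needed_sessions):
    """Compare the licensed SSL VPN peer count with the sessions you need."""
    f = parse_license(text)
    # 7.2-style output says "WebVPN Peers"; 8.4-style says "AnyConnect Premium Peers".
    peers = f.get("AnyConnect Premium Peers", f.get("WebVPN Peers", 0))
    # Per the thread, enabling AnyConnect Essentials removes clientless/WebVPN use.
    clientless = f.get("AnyConnect Essentials", "Disabled") != "Enabled"
    return {"ssl_peers": peers, "clientless_usable": clientless,
            "clientless_sufficient": clientless and peers >= needed_sessions}

if __name__ == "__main__":
    for sample in (OLD_FORMAT, NEW_FORMAT):
        print(ssl_vpn_summary(sample, needed_sessions=5))
```
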

anupsasikumar Sat, 12/29/2012 - 04:24

Hi Jouni,

The links you provided were extremely informative! Thanks!

Yes, I have a pretty old ASA software version - 7.2(4)

So even when I upgrade the license, the maximum VPN peers that I can have is 25, on an ASA 5505. Got it!

Regards,

Anup
