12-28-2012 09:28 PM - edited 03-11-2019 05:41 PM
Hi Experts ,
I am planning to setup Clientless Web VPN on our ASA 5505 for secure access to a internal web resource from outside.
When I checked the licensing details on the ASA using #sh ver I could notice thar Web VPN peers allowed is only 2
Does this mean that only two clientless simoultaneous connections are possible ?
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Please help !
Regards,
Anup
Solved! Go to Solution.
12-29-2012 03:56 AM
Hi,
Yes, this is my understanding atleast. I would still confirm this from the part that is selling you the license if planning to get a license to enable more users so you can be sure that you get the right thing for your needs.
Heres a Table of the different Licenses to ASA5505 (even though they are not the VPN licenses exactly but all of them show only 2 SSL VPN peers)
Source:
Heres also a better link that does seem to list alot of the capabilities of the ASA5500 series (and also include some part numbers)
EDIT: Seems ASA5505 only supports 25 VPN Clients (of any type) MAX
- Jouni
12-29-2012 02:52 AM
Hi,
The VPN licencing part has for me been always the thing that seemed most "complicated"
It seems you have a Base License and probably have not aquired any sort of SSL VPN License
At current you can use 2 concurrent SSL VPN connections (AnyConnect or Clientless/Webvpn)
After this you have to my understanding 2 options regarding SSL VPN. (Thought other doesnt include Clientless/WebVPN anymoreso not really an option for you I guess)
One is AnyConnect Essentials that max out the AnyConnect peer limit on the ASA...BUT...to my understanding it takes away all the Clientless / WebVPN peer capabilities
Then theres AnyConnect Premium license that allows the use of both AnyConnect and Clientless/WebVPN but you will still need to buy license upgrades to get the needed amount of concurrent VPN peers. I think the limits went something like 10 users, 25 users, 50 users and so on.
If the above is still true then I imagine if you need more than 2 users you have to get the Premium license. I don't normally handle alot of the licensing stuff on our ASAs myself and rather get the devices already with the correct licences when they end up with me for configurations
- Jouni
12-29-2012 03:41 AM
Hi Jouni,
Thank you for the information. So according to that only two users will be able to access the Web portal from outside simoutaneously if I am not upgrading the license . Am I correct?
Regards,
Anup
12-29-2012 03:56 AM
Hi,
Yes, this is my understanding atleast. I would still confirm this from the part that is selling you the license if planning to get a license to enable more users so you can be sure that you get the right thing for your needs.
Heres a Table of the different Licenses to ASA5505 (even though they are not the VPN licenses exactly but all of them show only 2 SSL VPN peers)
Source:
Heres also a better link that does seem to list alot of the capabilities of the ASA5500 series (and also include some part numbers)
EDIT: Seems ASA5505 only supports 25 VPN Clients (of any type) MAX
- Jouni
12-29-2012 04:01 AM
Also,
Seems you are running an older software for example compared to my own ASA at home.
I have an ASA5505 with Base license running 8.4(3)
Heres the my "show version". The output is different because of the version. Seems you are running 8.2 or below on your ASA5505. But I'd imagine our Licenses are currently identical.
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
12-29-2012 04:24 AM
Hi Jouni,
The links you provided were extremely informative ! Thanks !
Yes I have a pretty old ASA software version - 7.2(4)
So even when I upgrade the license , the maximum VPN peers that I can have is 25 , on an ASA 5505. Got it !
Regards,
Anup
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: