Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
0
Helpful
5
Replies

ASA 5500x new anyconnect VPN license structure

Go to solution
pmlam3274
Level 1
Level 1

‎06-15-2015 11:01 AM - edited ‎02-21-2020 08:16 PM

I am just wondering if anyone can give me some insight on the new ASA VPN (SSL VPN) licensing structure.  Currently, i have anyconnect premium license installed on the ASA 5500 series  but would like to purchase the same type of license for the ASA 5500x series.  I understand premium license is required for SSL VPN and webvpn.  Can anyone fill me in if the anyconnect premium and the anyconnect essentials license has been replaced by the Cisco Anyconnect Apex license?

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-15-2015 12:13 PM

The new AnyConnect Apex maps to the old Premium licenses. They are now term-based (1, 3 5 year) and are licensed per unique user (no matter how many devices) vs. concurrent users on the old scheme.

Apex (or the old Premium) is required for clientless SSL VPN. Regular AnyConnect client-based SSL VPN does not require Apex but can be done using only Plus licenses.

The new AnyConnect Plus maps to the old Essentials plus Mobile licenses. There is both a perpetual and term-based option.

The licensing per unique user is a terms and conditions / EULA sort of thing and not enforced by technical means at this time.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-15-2015 12:13 PM

The new AnyConnect Apex maps to the old Premium licenses. They are now term-based (1, 3 5 year) and are licensed per unique user (no matter how many devices) vs. concurrent users on the old scheme.

Apex (or the old Premium) is required for clientless SSL VPN. Regular AnyConnect client-based SSL VPN does not require Apex but can be done using only Plus licenses.

The new AnyConnect Plus maps to the old Essentials plus Mobile licenses. There is both a perpetual and term-based option.

The licensing per unique user is a terms and conditions / EULA sort of thing and not enforced by technical means at this time.

0 Helpful

Go to solution
pmlam3274
Level 1
Level 1
In response to Marvin Rhoads

‎06-15-2015 07:24 PM

Thank you for replying my question.  Just have 1 question, do i apply the anyconnect plus license the same way i apply the anyconnect essential license to the ASA?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to pmlam3274

‎06-15-2015 08:53 PM

You're welcome.

Yes - using the "activation-key" command still applies.

Keys are no longer bound to a particular ASA serial number.

0 Helpful

Go to solution
pmlam3274
Level 1
Level 1
In response to Marvin Rhoads

‎06-17-2015 01:32 PM

Marvin, you mention that the new license structure is per user vs the old way concurrent user.  Does the ASA keep a database of users of who is who?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to pmlam3274

‎06-17-2015 01:53 PM

The ASA does of course know who is currently logged on. But it doesn't keep track of who was logged on previously (beyond whatever syslog messages may have been generated, depending on your local settings).

So, for now, it's sort of an honor system. That's what I was implying by "not enforced by technical means at this time". That may change in the future.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents