We've had contradicting advice on AnyConnect licensing. We currently have two 5520 appliances in active/standby. Each ASA had an AnyConnect Premium (50 peers) license installed, but following the (very sensible) change in 8.3 (I think), the total available premium peers is now 100, since we can now use both 50 packs across an active/standby cluster. We purchased these licenses specifically for using SSL WebVPN.
However, we also have the AnyConnect Essentials license installed, enabling us to use basic AnyConnect VPN functionality for the maximum 750 peers that 5520s support.
So, our licensing on the ASA looks like this...
Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 4 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 4 perpetual
Total UC Proxy Sessions : 4 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
We're now looking to replace the two 5520s with 5525s... and are preparing the costs for the new units, including licensing and SmartNet contracts. The conflicting advice is that we can't install both AnyConnect premium and essentials on the same failover pair (contrary to our current setup)...
(The AnyConnect Essentials license cannot be active at the same time as the following licenses on a given ASA: AnyConnect Premium license (all types) or the Advanced Endpoint Assessment license.)
1) Is this correct?
2) If we purchased 100 AnyConnect premium licenses, but did not purchase an Essentials license... would the premium license still allow us to use AnyConnect basic VPN functionality for the maximum supported number of VPN peers for the 5525?
I have not seen an ASA licensed with both Essentials and Premium at the same time. From everything I have heard, it's one or the other. I do know that if you get 100 licenses for premium, you will only have 100 AnyConnect connections to your ASA. Essentials will not be enabled.
Most of the clients we install ASAs for only get the Essentials license since either they have no reason for publishing apps (like you can do w/ Premium) or use another way to publish apps (like Citrix).