Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Anyconnect Secure Mobilty Client

Hi team,

Now I just Purchase Identical Anyconnect License for my ACtive and Passive ASA 5540 run with the version of 8.2(5).Can you please assist,How to install the license in my firewall.I know the configuration But I need to know which one I need to install first.After installing the license, How I configure anyconnect?

Thanks in advance for your understanding.

Regards,

Mohamed kabeer.S 

  • VPN
5 REPLIES
Cisco Employee

Hi Kabeer , With the license

Hi Kabeer ,

 

With the license , you get 5 touple activation keys  () . You can enter the command "activation-key" under configuration mode and then enter all the activation key that are provided.
This will activate the SSL VPN license on your box. After installing the activation key , you can configure the anyconnect using this document.

 

Regards,
Dinesh Moudgil

 

P.S. Please rate helpful posts.

New Member

Hi Dinesh,You are correct it

Hi Dinesh,

You are correct it has 5 touple. Here we have active and passive ASA. Which one I need to install first?Can you please explain the steps for active ans passive ASA?

Thanks and Regards,

Mohamed kabeer.S

 

Cisco Employee

Hi Kabeer,In Version 8.3(1)

Hi Kabeer,

In Version 8.3(1) and later, failover units do not require the same  license on each unit.

Older versions of adaptive security appliance software required that the  licenses match on each unit. Starting with Version 8.3(1), you no  longer need to install identical licenses. Typically, you buy a license  only for the primary unit; for Active/Standby failover, the secondary  unit inherits the primary license when it becomes active. If you have  licenses on both units, they combine into a single running failover  cluster license.

In essence, if you are using 8.3 and above , just add the activation key on primary ASA and this will take care of activating anyconnect VPN on your failover pair.

FYI:-For  the ASA 5505 and 5510 adaptive security appliances, both units require  the Security Plus license; the Base license does not support failover,  so you cannot enable failover on a standby unit that only has the Base  license.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

New Member

Hi Dinesh,Now my device run

Hi Dinesh,

Now my device run with version of 8.2(5).I have identical license for both active and passive ASA. Now my question is which one I need to install first.After installation which one I need to reboot first.Can you please explain the steps.

Thanks and Regards,

Mohamed kabeer.S

Hall of Fame Super Silver

It does not matter which unit

It does not matter which unit's activation key is applied first. An AnyConnect license addition does not require a reload on either unit. See this reference for confirmation and details.

After you have applied the key on each unit, you can then proceed to setup your remote access VPN, working from the active unit. Assuming your failover is healthy, the configuration will automatically synchronize.

One item to note is that any profile (xml file) that you create for AnyConnect users will have to be manually copied from the Active unit to the Standby.

47
Views
0
Helpful
5
Replies
This widget could not be displayed.