Info about ASA 55xx

giovane.ma
Level 1

Hi

I'm starting to read about the ASA 55xx on the Cisco website. But after some good reading, I have some questions...

  1. In the Cisco docs about the ASA 55xx, I see the "Maximum concurrent AnyConnect or clientless VPN sessions" and "Maximum concurrent site-to-site and IPsec IKEv1 VPN sessions" (e.g. 750 both): well, the maximum concurrent sessions are 750+750 (AnyConnect + site-to-site), so do I have to add the two types of sessions? Or what are the maximum concurrent sessions (of each type) on the ASA5520?
  2. So, at this point, if I want 750 AnyConnect sessions and 750 site-to-site sessions, which license do I need to buy? ASA5500-SSL-750? ASA-VPNS-1000? Or what else?
  3. Then, what are the "shared" licenses? When and where do I need to buy them?

Thanks in advance.

Bye

Accepted Solutions

Marvin Rhoads
Hall of Fame

Platform capabilities and required licensing are as noted in the product data sheet:

Up to 750 AnyConnect and/or clientless VPN peers can be supported on each Cisco ASA 5520 by installing an Essential or a Premium AnyConnect VPN license; 750 IPsec VPN peers are supported on the base platform. VPN capacity and resiliency can be increased by taking advantage of the Cisco ASA 5520's integrated VPN clustering and load-balancing capabilities. The Cisco ASA 5520 supports up to 10 appliances in a cluster, offering a maximum of 7500 AnyConnect and/or clientless VPN peers or 7500 IPsec VPN peers per cluster.

Reiterating:

The ASA 5520 750 site-to-site VPN capability is in the base license / product (part number ASA5520-BUN-K9 or ASA5520-K8, depending on whether you are eligible to purchase the strong encryption (-BUN-K9) version).

The AnyConnect user licenses required depend on whether you need AnyConnect Essentials or Premium. The AnyConnect data sheet outlines the differences. Essentials is one license that allows up to 750 clients to use the appliance simultaneously. Premium (which cannot be loaded at the same time as Essentials) requires the licenses to be purchased according to the tiered per-user scheme.

Shared licenses are shared among ASAs in a cluster (2 or more units configured together).

There is the concept of licenses in a failover (2-unit) cluster. That is automatic, i.e. the license numbers are additive and shared up to the platform capability. The ASA5500-SSL-750 part would be used in that setup.

There is also the concept of an AnyConnect Premium Shared Server. In that scheme, the shared server allocates licenses in 50-unit blocks to the cluster members as they need them. The ASA-VPNS-1000 part number you mention is used in that sort of setup.

2 Replies

Thanks Marvin. Now it's clear!

Thank you