Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

SSL VPN Licensing on ASA

Hi All,

Inorder to use SSL VPN (client based) ASA5510, what is the licensing requirement. From the below 'sh ver'.. can we tell how any SSL VPN clients the ASA supports..??


Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : ☻CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 000f.f775.944a, irq 9

1: Ext: Ethernet0/1 : address is 000f.f775.944b, irq 9

2: Ext: Ethernet0/2 : address is 000f.f775.944c, irq 9

3: Ext: Ethernet0/3 : address is 000f.f775.944d, irq 9

4: Ext: Management0/0 : address is 000f.f775.944e, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Not licensed : irq 5

7: Ext: GigabitEthernet1/0 : address is 0014.6a21.ca0e, irq 255

8: Ext: GigabitEthernet1/1 : address is 0014.6a21.ca0f, irq 255

9: Ext: GigabitEthernet1/2 : address is 0014.6a21.ca10, irq 255

10: Ext: GigabitEthernet1/3 : address is 0014.6a21.ca11, irq 255

11: Int: Internal-Data1/0 : address is 0000.0003.0002, irq 255

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : 250

WebVPN Peers : 2

This platform has an ASA 5510 Security Plus license.


Thank you



Re: SSL VPN Licensing on ASA

All ASA comes with two free SSL webvpn peers(seen as WebVPN Peers : 2 )

ASA5510 support up to 250 SSL VPN user sesions

You can buy the SSL license in a block of either 10, 25, 50, 100, 250, 500, 750, 1000, 2500, and 5000 depending on your ASA5500 platform.

If you have failover ASA you need to also buy same quantity of SSL license for the standby unit as well.


Re: SSL VPN Licensing on ASA

Thank you Jorge. Also, anotehr quick quest does SSL VPN configs support backup SSL VPN server..? (the question may not make much sense though..:-)) Or the users has to aware of backup server url or ip to connect to secondary server incase of primary server not available..?

Thnak you


Re: SSL VPN Licensing on ASA

MS, when you say support backup ssl vpn server are you refering when using active/standby ASA's? , if so I would say ssl clients would have to reconnect, this is an educated guess, PLS let me know if I have misunderstood your question.

Stateful information


Re: SSL VPN Licensing on ASA

No Jorge, I undestand SSL vpn supports Active/Standby. But lets say if I have 2 SSL VPN servers at 2 different physical locations for DR purpose. Incase the primary https://server1 is unreachable, then is there anyway user automatically gets redirected to 2nd server (still typing http://server1) to connect to network..? or does this needs dynamic dns..? Iam asking this, as using VPN client s/w on laptops, we can define the backup server and so s/w aware to go to 2nd server without user intervention. Just wondering such kind is avail in SSL VPN as well.

Thank you


Re: SSL VPN Licensing on ASA

MS, I see your point .. that would most likely be inplemented with some sort of dynamic DNS as you indicated . As far as I know ASA being your SSL server does not have that dynamic function.

In your scenario you will have two different ISPs IPblocks at different locations, there is an interesting article I saved while ago that talks about multiple address records associated with a single domain name, dynamic dns.

Read BGP session down



CreatePlease to create content