[c-nsp] Cisco anyconnect license question
Ulrik Ivers
ulrik.ivers at excanto.se
Tue Oct 10 09:40:09 EDT 2017
Hi,
The license actually opens up the ASA up to the maximum number of VPN sessions that the box can support. BUT, you are only legally allowed to have as many users that have the ability to use VPN as the number of user-based licenses you have purchased.
So, there is a difference on what number of users that HAVE THE RIGHT to use VPN, and the number of users that technically can connect. As far as I know there is no license enforcement today, it's honor based. Who knows what will happen in future SW upgrades and versions of AnyConnect...
I actually had a case with Cisco pre-sale support regarding this a couple years ago. Here's a quote from that conversation:
<-- quote -->
I can indeed confirm that there is no license key that has to be installed in the client, we continue to use our previous ASA internal licensing/activation keys with the new licensing.
So we are continuing to enforce using ASA activation keys on ASAs.
As the licensing is user based and the current ASA activation keys session based, we cannot really enforce it on a per user on the ASA equipement today.
In practice what we do is that after receiving a PAK following an order you can use the licensing portal to register an ASA and will receive an activation key for that ASA. And this will activate all VPN features for that ASA and for the maximum platform capacity of the ASA itself.
So in a way the licensing we have right now if half enforced (using activation keys to activate VPN on ASA) and half paper model (as we have no way to enforce this on a per user basis).
<-- end quote -->
Regards
/Ulrik
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Satish Patel
Sent: den 9 oktober 2017 15:45
To: dave at brockmans.com; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco anyconnect license question
So I can you any number of user with 25 users license? Why Cisco doing this and what is the point to buy bigger license?
Sent from my iPhone
> On Oct 8, 2017, at 7:08 AM, dave at brockmans.com wrote:
>
> The Activation keys appear to modify the concurrent user # based on
> platform. When I order 25 users for a 5506, I get 25 users activated.
> When I order 25 users on a 5512, I get 250 anyconnect users. Larger
> units get even more. I'm not sure if there is a clip at 25
> concurrent, but I don't think there is.
>
> Regards,
>
> dtb
>
>> On 2017-10-07 15:23, Satish Patel wrote:
>> Folks,
>> We have L-AC-PLS-LIC= license for 25 users for 3 month
>> subscription, which i have activated but in show activation-key
>> output i am not seeing anywhere 25 users quantity, its showing 5000
>> (we have
>> ASA5585X)
>> AnyConnect Premium Peers : 5000 perpetual
>> AnyConnect Essentials : Disabled perpetual
>> You can see in following full output.
>> Licensed features for this platform:
>> Maximum Physical Interfaces : Unlimited perpetual
>> Maximum VLANs : 1024 perpetual
>> Inside Hosts : Unlimited perpetual
>> Failover : Active/Active perpetual
>> Encryption-DES : Enabled perptual
>> Encryption-3DES-AES : Enabled perpetual
>> Security Contexts : 2 perpetual
>> Carrier : Disabled perpetual
>> AnyConnect Premium Peers : 5000 perpetual
>> AnyConnect Essentials : Disabled perpetual
>> Other VPN Peers : 5000 perpetual
>> Total VPN Peers : 5000 perpetual
>> AnyConnect for Mobile : Enabled perpetual
>> AnyConnect for Cisco VPN Phone : Enabled perpetual
>> Advanced Endpoint Assessment : Enabled perpetual
>> Shared License : Disabled perpetua
>> Total TLS Proxy Sessions : 2 perpetual
>> Botnet Traffic Filter : Disabled perpetual
>> 10GE I/O : Enabled perpetual
>> Cluster : Disabled perpetual
>> This platform has an ASA5585-SSP-10 VPN Premium license.
>> Failover cluster licensed features for this platform:
>> Maximum Physical Interfaces : Unlimited perpetual
>> Maximum VLANs : 1024 perpetual
>> Inside Hosts : Unlimited perpetua
>> Failover : Active/Active perpetual
>> Encryption-DES : Enabled perpetual
>> Encryption-3DES-AES : Enabled perpetual
>> Security Contexts : 4 perpetual
>> Carrier : Disabled perpetual
>> AnyConnect Premium Peers : 5000 perpetual
>> AnyConnect Essentials : Disabled perpetual
>> Other VPN Peers : 5000 perpetual
>> Total VPN Peers : 5000 perpetual
>> AnyConnect for Mobile : Enabled perpetual
>> AnyConnect for Cisco VPN Phone : Enabled perpetual
>> Advanced Endpoint Assessment : Enabled perpetual
>> Shared License : Disabled perpetual
>> Total TLS Proxy Sessions : 4 perpetual
>> Botnet Traffic Filter : Disabled perpetual
>> 10GE I/O : Enabled perpetual
>> Cluster : Disabled perpetual
>> This platform has an ASA5585-SSP-10 VPN Premium license.
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list