ASA VPN license (SSL vs essentials)

jcarvalh · ‎02-24-2015

Hello.

I have installed 10 premium SSL licenses into na ASA and I have read that Anyconnect Premium and Essentials could not run simultaneously. However I have the following output after installing 10 SSL-Premiun licenses:

AnyConnect Premium Peers : 10 perpetual
AnyConnect Essentials : 250 perpetual

Am I missing something? Do I need to explicitly disable anyconnect essential?

Also, does this mean that after I have 10 phones connected to CUCM via ASA I will not be able to connect to a VPN using Anyconnect Client, since all licenses are being used?

Thanks,

João Carvalho

Marvin Rhoads · ‎02-24-2015

You have licenses installed for both Essentials and Premium.

Which one is active and thus usable per your configuration is controlled by the command "anyconnect-essentials". That command will allow only Essential features to be used. If it is absent, you will be using the Premium license up to 10 concurrent remote users at which point new remote access SSL VPN connections will no longer be able to establish.

jcarvalh · ‎02-25-2015

Hello Marvin.

Now I am confused. I read that I need SLL-Premium licenses for IP Phone to connect remotely to CUCM using SSL tunnels.

However when i do a sh vpn-sessiondb detail anyconnect I see that :

Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Essentials, AnyConnect for Cisco VPN Phone

So if I am using Essentials license how is the phone capable of registering to CUCM if I do not have the correct license activated?

I assume that if I activate Premium License, I can have 10 SSL VPN connections and simultaneously I can have users connected using Anyconnect Client. Am I correct?

Thank you,

João.

jcarvalh · ‎02-25-2015

After posting the previous post I remember that we have 2 SSL licenses by default. Probably that is why I can register one IP Phone via SSL tunnel; if so, I can register up to two IP Phones with essentials license.

Regards,

João.