03-13-2017 03:26 AM
Hello Community,
I am new to the Cisco ASA firewall. We have ordered a Cisco ASA 5516-X as shown below and it is already installed onsite.
Line Number | Item Name | Description | Service Duration |
1.0 | ASA5516-FTD-K9 | ASA 5516-X with Firepower Threat Defense, 8GE, AC | N/A |
1.0.1 | CON-SNT-ASA5K16F | SNTC-8X5XNBD ASA 5516-X with Firepower Threat Defense | 12.0 month(s) |
1.1 | CAB-ACU | AC Power Cord (UK), C13, BS 1363, 2.5m | N/A |
1.2 | SF-ASA-TD6.1-K9 | Cisco Firepower Threat Defense software v6.1 for ASA5500-X | N/A |
1.3 | ASA5516-SSD | ASA 5516-X SSD | N/A |
2.0 | L-ASA5516T-TMC= | Cisco ASA5516 Threat Defense Threat, Malware and URL License | N/A |
2.0.1 | L-ASA5516T-TMC-1Y | Cisco ASA5516 Threat Defense Threat, Malware and URL 1Y Subs | 12.0 month(s) |
3.0 | FS-VMW-2-SW-K9 | Cisco Firepower Management Center,(VMWare) for 2 devices | N/A |
3.0.1 | CON-ECMU-VMWSW2 | SWSS UPGRADES Cisco Firepower Management Center,(VMWare) for | 12.0 month(s) |
If we need to enable site-to-site and client-to-site VPN, what licenses do we need to purchase?
Our Cisco ASA 5516-X version:
Thank you
03-13-2017 03:48 AM
You don't need any extra license. But you can't do any remote-access VPNs with your box as that is not implemented yet in FirePOWER Threat Defense. You have two choices:
If you choose 2), your reseller will probably help you with that.
03-13-2017 05:50 AM
Remote access SSL VPN will be included in FTD 6.2.1, projected to be released in the coming month. This was being shared widely at Cisco Live Melbourne last week.
That feature will require AnyConnect licenses. There will be a new delivery type to match the Smart licenses that are the sole license type used by FTD.
I'm surprised your reseller sold you the FTD image without qualifying that requirement for you.
03-13-2017 05:58 AM
6.2.1? Great news!!! That was the last showstopper for some of my deployments ...
(And thanks for clarifying the need for AnyConnect licenses. I only thought about FTD licenses without considering that it's unlikely that the original poster already has these.)
03-13-2017 06:11 AM
Hi Karsten - yes it was good to hear.
There were a few caveats - one that I recall is no support for 2 factor authentication in the first iteration. Another is that it's full client only - no clientless SSL VPN.
I'm hopeful but a bit wary - even though it's in 6.2.1 it will be a refactor of the code and thus not as mature as the AnyConnect support we know well on the ASA image.
05-04-2017 03:22 PM
Hello,
I notice your post above is from 2 months ago, and indicates 6.2.1 was projected to ship in a month... Looking on the support site, I only see up to 6.2.0.1, and that has no mention of support for AnyConnect.
Have there been any updates to the timeline for remote VPN access via AnyConnect with the FTD image?
Thanks!
Keith
05-04-2017 08:22 PM
Futures and Cisco are always a bit hard to predict precisely as they don't generally publicly commit to shipping dates.
We do have an update though - 6.2.1 will be released initially next week in conjunction with First Customer Ship (FCS) of the FirePOWER 2100 series. That initial release will be ONLY for the 2100 series and will include SSL VPN.
We are told to expect 6.2.2 in June and that will include support across all platforms (FirePOWER service module on ASA, FTD on both ASA and FirePOWER appliances as well as classic FirePOWER appliances (3D series)).
05-04-2017 08:22 PM
Thanks Marvin,
I have a customer who purchased a Firepower upgrade late last year, and is only just now getting around to installing it...and I initially thought might as well just reimage to FTD.
Not sure if he's using the VPN or not, so wanted to let him know when the FTD image would support that so he can go right to that...if it's applicable for him....
Thanks!
Keith
05-04-2017 08:26 PM
You're welcome.
If you are a partner, follow the Partner Security Community page and watch for the presentations from this week's Security SEVT. There will be many details there once the slides are posted.
07-17-2017 10:49 PM
"We are told to expect 6.2.2 in June and that will include support across all platforms"
Seems you were told incorrectly. This is looking more like vaporware every day. :(
https://en.wikipedia.org/wiki/Vaporware
07-17-2017 11:02 PM
Well I did preface my post with "Futures and Cisco are always a bit hard to predict precisely as they don't generally publicly commit to shipping dates."
6.2.1 is out with the AnyConnect SSL VPN support on the FTD 2100 series.