Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6576
Views
29
Helpful
10
Replies

Cisco ASA 5516-X Licenses

VCsupport17
Level 3
Level 3

‎03-13-2017 03:26 AM

Hello Community,

I am new with Cisco ASA firewall. We have ordered Cisco ASA 5516-X as shown below and already installed onsite.

Line Number Item Name Description Service Duration
1.0 ASA5516-FTD-K9 ASA 5516-X with Firepower Threat Defense, 8GE, AC N/A
1.0.1 CON-SNT-ASA5K16F SNTC-8X5XNBD ASA 5516-X with Firepower Threat Defense 12.0 month(s)
1.1 CAB-ACU AC Power Cord (UK), C13, BS 1363, 2.5m N/A
1.2 SF-ASA-TD6.1-K9 Cisco Firepower Threat Defense software v6.1 for ASA5500-X N/A
1.3 ASA5516-SSD ASA 5516-X SSD N/A
       
2.0 L-ASA5516T-TMC= Cisco ASA5516 Threat Defense Threat, Malware and URL License N/A
2.0.1 L-ASA5516T-TMC-1Y Cisco ASA5516 Threat Defense Threat, Malware and URL 1Y Subs 12.0 month(s)
       
3.0 FS-VMW-2-SW-K9 Cisco Firepower Management Center,(VMWare) for 2 devices N/A
3.0.1 CON-ECMU-VMWSW2 SWSS UPGRADES Cisco Firepower Management Center,(VMWare) for 12.0 month(s)

If we need to enable Site-to site and client-to-site VPN, what licenses we need to purchase?

Our Cisco ASA 5516-X version:

Thank you

1 person had this problem
Labels:
10 Replies 10

Karsten Iwen
VIP
VIP

‎03-13-2017 03:48 AM

You don't need any extra license. But you can't do any remote-access VPNs with your box as that is not implemented yet in FirePOWER Tread Defense. You have two choices:

  1. Wait for a release that implements Remote Access VPNs. I would expect that release later this year.
  2. Change the software on the Device to "ASA with FirePOWER".

If you choose 2), you reseller will probably help you with that.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2017 05:50 AM

Remote access SSL VPN will be included in FTD 6.2.1, projected to be released in the coming month. This was being shared widely at Cisco Live Melbourne last week. 

That feature will require AnyConnect licenses. There will be a new delivery type to match the Smart licenses that are the sole license type used by FTD. 

I'm surprised your reseller sold you the FTD image without qualifying that requirement for you. 

Karsten Iwen
VIP
VIP
In response to Marvin Rhoads

‎03-13-2017 05:58 AM

6.2.1? Great news!!! That was the last showstopper for some of my deployments ...

(And thanks for clarifying the need for AnyConnect-licenses. I only thought about FTD-licenses without thinking about that it's unlikely that the original  poster already has these)

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎03-13-2017 06:11 AM

Hi Karsten - yes it was good to hear.

There were a few caveats - one that I recall is no support for 2 factor authentication in the first iteration. Another is that it's full client only - no clientless SSL VPN.

I'm hopeful but a bit wary - even though it's in 6.2.1 it will be a refactor of the code and thus not as mature as the AnyConnect support we know well on the ASA image. 

0 Helpful

keitholsen
Level 1
Level 1
In response to Marvin Rhoads

‎05-04-2017 03:22 PM

Hello,

I notice your post above is from 2 months ago, and indicates 6.2.1was projected to ship in a month...looking on the support site I only see up to 6.2.0.1, and that has no mention of support for AnyConnect.

Has there been any updates to the timeline for remote VPN access via AnyConnect with the FTD image?

Thanks!

Keith

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to keitholsen

‎05-04-2017 08:22 PM

Futures and Cisco are always a bit hard to predict precisely as they don't generally publicly commit to shipping dates.

We do have an update though - 6.2.1 will be released initially next week in conjunction with First Customer Ship (FCS) of the FirePOWER 2100 series. That initial release will be ONLY for the 2100 series and will include SSL VPN.

We are told to expect 6.2.2 in June and that will include support across all platforms (FirePOWER service module on ASA, FTD on both ASA and FirePOWER appliances as well as classic FirePOWER appliances (3D series).

keitholsen
Level 1
Level 1
In response to Marvin Rhoads

‎05-04-2017 08:22 PM

Thanks Marvin,

I have a customer who purchased a Firepower upgrade late last year, and is only just now getting around to installing it...and I initially thought might as well just reimage to FTD.

Not sure if he's using the VPN or not, so wanted to let him know when the FTD image would support that so he can go right to that...if it's applicable for him....

Thanks!

Keith

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to keitholsen

‎05-04-2017 08:26 PM

You're welcome.

If you are a partner, follow the Partner Security Community page and watch for the presentations from this week's Security SEVT. There will be many details there once the slides are posted.

itsupport
Level 1
Level 1
In response to Marvin Rhoads

‎07-17-2017 10:49 PM

"We are told to expect 6.2.2 in June and that will include support across all platforms"

Seems you were told incorrectly. This is looking more like vaporware every day.  :(

https://en.wikipedia.org/wiki/Vaporware

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to itsupport

‎07-17-2017 11:02 PM

Well I did preface my post with "Futures and Cisco are always a bit hard to predict precisely as they don't generally publicly commit to shipping dates."

6.2.1 is out with the AnyConnect SSL VPN support on the FTD 2100 series.

0 Helpful
Customers Also Viewed These Support Documents