Home / server / Questions / 1014824
In Process
Vadim Rybalko
Asked: 2020-04-30 07:39:00 +0800 CST

Is The Cisco AnyConnect licenses shariable between two low-end ASAs?

  • 772

I have two low-end Cisco ASA 5506-X with bundled Security Plus licenses. These ASAs are just for remote dial-in VPN access for our staff.

Now all users using IKEv2 and IPSec/L2TP (IKEv1) connection methods but IPSec works unstable sometimes under some public networks.

I set up an SSL-VPN method that works fine with the Cisco AnyConnect desktop client (Linux and macOS) but doesn't work with the AnyConnect mobile client on iOS from Apple AppStore (VPN server says: No license).

Is there any difference between licenses on AnyConnect desktop and mobile devices? Or this is another restriction effect?

I plan to buy a package of 25 Cisco L-AC-PLS-3Y-S1 subscriptions for our users. Can I share this license between two ASA 5506-X devices in active/standby? I have no TAC or another Cisco contracts and I need just a VPN access feature.

I know that Cisco made changes to the AnyConnect licensing models a few years ago and most AnyConnect docs are out of date. There are not enough docs about modern AnyConnect licenses.

The Running Activation Key feature: 2 security contexts exceed the limit on the platform, reduced to 0 security contexts.

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 30             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 50             perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 50             perpetual
Total VPN Peers                   : 50             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 160            perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5506 Security Plus license.
vpn cisco-vpn cisco licensing anyconnect

1 Answers

  1. Cisco ASA configuration Guide 9.0 page 189 discusses just this (it's a 2,164 page document!)

    I can't speak to recent changes as I don't use AnyConnect. However, I do own a Cisco ASA 5505 with the most recent available software and Security Plus license - man are they a bargain right now since the 5506 came out - and haven't had any problems with anything I've used from that PDF.

    • 0