Cisco ASA users who bought the right Cisco ASA
hardware in their network may be frustrated by getting the hardware working
with proper license and functionality that requires one to navigate a maze of
confusing choices with different bundles, rules, and restrictions. Some of them
has put their questions when they need Cisco asa license or upgrading. Some
questions are raised like this:
“Can
someone clarify for me the SSL VPN/AnyConnect licensing for the ASA 5520? Specifically, the differences between the
AnyConnect Essentials and AnyConnect Premium. …I'd like to add 25 or perhaps 50
SSL VPN Licenses and be able to use a combination of clientless, thin client
and full client AnyConnect groups. Would
the "ASA5500-SSL-25" (or 50) be the correct license I need to
purchase?”
“Our
ASA 5505 with BASE license by default allowing only 10 concurrent vpn sessions
(including 2 Anyconnect+IPsec). attached TXT file with license information.
this firewal is use only for vpn access, and we have IPSec L2L vpn
tunnel, anyconnect, client less SSL vpn and IPSec client access vpn
configurations up and running, we are in plan to upgrade vpn license to archive
10 IPSec and 10 Anyconnect and 1 anyconect mobile VPN sessions at time. so my
questions are;
1.
can I buy "ASA5500-SSL-10=" license and upgrade our ASA 5505 without
buying "L-ASA5505-SEC-PL=" security pus license.
2.
Does asa Support to upgrade only SSL Anyconnect vpn license while keeping 10
IPSec vpn comes with base license.”
There are some typical questions we get
asked by customers on a daily basis regarding how ASA licensing works?
Q:
If we buy a new ASA (the same model) to replace our old ASA, do we need a new
license? Can we transfer?
A: Typically, licenses are non-transferable. Unless the old ASA is covered by SMARTNet, and that the new replacement ASA is a RMA issued directly by Cisco. That’s the only way to keep them.
A: Typically, licenses are non-transferable. Unless the old ASA is covered by SMARTNet, and that the new replacement ASA is a RMA issued directly by Cisco. That’s the only way to keep them.
Q:
What license will I need for the new replacement ASA?
A: This depends on the ASA’s topology and function in the network.
A: This depends on the ASA’s topology and function in the network.
-If
the ASA is to replace the main Shared Licensing Server, then it’ll need the
Shared Licensing Server license which will act as the license issuing server
for the participant licenses.
-If the ASA is to replace the Fail-over Server, it’ll only need a Participant License. This server will act as a back-up licensing server in case the primary server is unreachable. However, the Shared Licensing Server license is only good for ONE fail-over server.
-If the ASA is to be used as a participant, only a Participant License is required.
-If the ASA is to replace the Fail-over Server, it’ll only need a Participant License. This server will act as a back-up licensing server in case the primary server is unreachable. However, the Shared Licensing Server license is only good for ONE fail-over server.
-If the ASA is to be used as a participant, only a Participant License is required.
If you are interested in the Cisco Adaptive
Security Appliances as an option for your network and don’t know where to
start, you can contact
our excellent sales team who can get you started right away.
For more about router-switch.com, you can
visit here.
cisco@router-switch.com (Sales
Inquiries)
ccie-support@router-switch.com (CCIE Technical Support)
ccie-support@router-switch.com (CCIE Technical Support)
*Note:
ASA with IOS version prior to 8.3 and after 8.3
have different licensing options in regards to different active/standby
configurations.
More
Cisco ASA License Topics