I have a base 5505 and would like to get AnyConnect working. To do that, would I have to first purchase either an essentials or premium license and then purchase the AnyConnect Mobile license?
Our customer has purchased 2 x L-ASA-AC-E-5520= Anyconnect Essentials VPN Licenses (750 Users)Ive installed both activated licenses as per the cisco guides, I didnt get any errors on the install. I did a reload on both, they are both back up and running as active/standby but when I do a sh ver the license still shows "ASA 5520 VPN Plus License"Am I being dumb and has this worked successfully or should it not now display Anyconnect when I do a sh ver?
we have ASA 5510 with IPS and base license. Now we need Anyconnect support for more than 2 users.
Is for Anyconnect (tunnel-mode) only the Anyconnect Essentials license enough? Do I need a license for SSL VPN peers? What about Anyconnect clientless, I see that I need a premium license? Is this one enough ASA5510-SSL50-K9? It is really expensive in comparison with Anyconnect Essentials.
Here is my sh ver output:
Licensed features for this platform:Maximum Physical Interfaces : Unlimited Maximum VLANs : 50 Inside Hosts : Unlimited Failover : DisabledVPN-DES : Enabled
We have bought L-ASA-AC-PH-5520=Anyconnect Vpn Phone License for our Cisco Phones but when we entered this license into our ASA it shows th following i.e enabled for linksys phones. Is there a diff part no to enable vpn for cisco phones. [code]
I have ASA 5505 (8.4)I set up SSL AnyConnect VPN. I am able to connect from PC and MAC desktop computers using AnyConnect client but when I try use mobile device I am receiving error.Do I need buy the L-ASA-AC-M-5505=license?I see in description Platform: WindowsMy question is would it work with Apple mobile devices (iPhone, iPad)?
I have consulted a Cisco partner, as well as two different sources at Cisco and it seems remarkably difficult to find solid answers on anyconnect mobile licensing. I've got a pair of 5550s running 8.3.2 in active/standby. Based on the following license configuration, what do I need to support mobile clients? Anyconnect for mobile is obvious. Essentials? Since changes in 8.3 can I get away with one anyconnect for mobile license or do I need one per firewall? How many mobile clients would I be licensed for, 2500 per firewall? [code]
I have 50 SSL Premium licenses on my ASA 5520 running 8.4. I want to run Anyconnect on IPAD- and IPHONE-devices but it seems that this requires a Mobile-license on top of the premium-license. Is it possible to receive an evaluation-license for this? It will take a few days to receive permanent licenses and I want to user this now.
I'm planning to upgrade Cisco ASA 8.2 to an anyconnect essentials and mobile license. Are there any concerns with some users continuing to utilize the cisco vpn IPSEC client while others migrate to the Anyconnect? I just want to make sure when I upgrade the license that there will not be an immediate requirment to have all users switch to Anyconnect immediately.
I need to activate AnyConnect SecureMobility client on an IPAD. I have an ASA with the below feature licenses:
[code]...
This platform has an ASA 5520 VPN Plus license
As I've understood that I need the ASA-AC-M-5520 license for each IPAD used but they mentioned that we need also the Essential or premium license to be activated on the ASA as well. As shown above, I have the "VPN Plus license" activated on the firewall.
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
What terminal/console server hardware platforms are you using and what do you prefer? I prefer Cisco terminal servers because of the ease and standard use of it.For a new project layout, I was given a opengear IMX4216. The terminal console is web based and I just dont like it(certain key-strokes not going through, terminal window size, etc).The project already has a separate PDU for remote power management, therefore this is simply being used as a remote serial console server.If I had to purchase the device for a similar purpose, I would not mind it, I guess. But to run it in prod, I'm not very fond of it!
I manage Wi-Fi on a college campus, and we have implemented 802.1x with RADIUS authentication running on a Windows server, and that works well. The issue is that the college is looking at removing wired connections in the dorms in favor of just deploying wireless, and the gaming consoles (Xbox, PS3, etc. ) cannot support 802.1x. We use Cisco 5508 Wireless LAN controllers with 1142 and 3602 APs.
I would like to enable MAC address authentication for these gaming consoles, wherein we (IT) would enter the MAC address of the console for a single connection and allow that console to connect to Wi-Fi, but I do not want to use WEP or any other TKIP passwords, because once the students would know the password they would use WEP/WPA instead of authenticating through RADIUS for their PC/tablet connections. .
I would like to define a general policy for our company to set the log buffer ("logging buffered xxx"). Currently, most of our configs use the default value of 4096, which does not store much of the history. I'd like to see more, when logged onto a router. We are using different router platforms (from old 1700 up to 39xx oder 72xx) Can you give me any hints, how large the buffer can be set on a platform? Which checks should I do to determine, how large I can set the buffer?
Cisco says: "Total = the total amount of memory available after the system image loads and builds its data structures."So, in this example, the total bytes are 17803244, which is ~ 16.9 Mbyte. So, if I allocate 64000 bytes, my total buffer will decrease to ~16,3 Mbyte.
I my calculation above is correct, I see no problem in defining a standard value of "logging buffered 64000" for every router platform - even under high load conditions. Since 64 kbytes is a very small value compared to the total usable memory of a Cisco 1720, newer platforms should not have any problems either.
We are looking to replace some aging 3560 switches with 100Mb/s interfaces. They service IP phones and workstations.
For having IP phones directly connected to access switches that are also servicing workstations, we don't need L3 routing except in the core, so the question is what would we lose if we used 2960S switches for access switches.
I understand from having spoken with Cisco TAC that a limited subset of QoS is available on the 2960S platform. Does that includes the priority queue that is enabled when you turn on mls qos on a L3 switch?
Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7's running IOS 15 I am thinking about taking the plunge with 30 3750-X's I have on order but want to review the release notes first. where they might be hiding?
I'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2 however to get Netflow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.To do this and still keep the switch functioning as a layer 2 device the intention was not to configure SVI's or any static/dynamic routing protocols.Will Netflow still work in that scenario?
I have an HP OfficeJet J4500 that works fine with shareport on my Win7 x64 computer. the XP and Win2000 ones both have the same "partial page then lockup" problem. when this happens, the only way to disconnect shareport is to reboot the router. It shows connected to the same computer even if I reboot that computer. I started with V1?? from the install disk then tried 3 and finally 4 with no improvement. I have read several posts about this or similar problems. This is the primary reason I switched routers and bought the D-Link DIR-655, for the print server feature...
I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other. - I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit. - So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
i have CSC-SSM-20 i want to renew the license to support 750 users for 3 years if i have base license only and if i have base and plus as bundle?i want to know the steps and also the part numbers and what is the difference between these two part numbers
ASA-CSC20-750UP-1YASA 5500 CSC-SSM-20 750-User w/ Plus Lic. Renewal (1-year) ASA-CSC20-750P-1YASA 5500 CSC-SSM-20 750-User Plus Lic. Only Renewal (1-yr)
My customer is asking to see the license for the SSM-10 card how do i access the card to show this information. the Firewall unit has a base licence installed.
I'm new to ASA and bought a used one from ebay but I cannot connect to the ASDM - I get an error in all the browsers.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
Having browsed the support forums and Google - it seems I need the 3DES license. I have obtained an activation key from Cisco and applied it to my ASA 5505 however I get a warning about the device is licensed for a higher software level. the license on the ASA is Security plus. When I apply the activation key from Cisco most of the features are disabled.
I have 10 user license for Cisco ASA, i have to use this ASA for client connectivity. Can i do NAT of more than 10 users with this license? What i understand is NO.
But as per Below explaination looks like, i can if i am not doing default routing? Actually i just need to add a specific Route towards client DMZ interface on my ASA, no default route, so can i use more than 10 concurrent sessions with this license?
Do I need the security plus license to do HA with two 5520's?I was told by our purchasing department that the 5520 was supposed to be able to do HA out of the box, but when I look I see only the VPN + license. Does that mean I can download the security plus license? Or do I even need it on the 5520.
I have Cisco ASA5505 8.2(5) connected with Cisco 5520 8.2(1) via IPSEC tunnel, I was able to SSH from the inside 5520 to inside IP of the asa5505. but I after I upgrade the license to security plus at 5505 I lost the SSH and ASDM to inside IP of 5505 from the inside network of the 5520. however I still can use SSH and ASDM on outside IP of 5505.
I did a lot of testing to make it work but I couldn't I added SSH 0.0.0.0/0 inside and outside also I added acl on both interfaces. when I did a trace on the outside interface from the private network of 5520 to 5505 inside IP I got IPSEC spoofed by the way that trace only works with security plus because I try to test on all my other firewalls 8.2(5) it shows nothing and all my firewalls can accessed from the private network 5520 except the one with the security plus!
I have got ASA 5520. I am planning to install Cisco ASA AIP SSM-20 and Cisco ASA Content Security and Control (CSC) Security Services Module on ASA 5520.. However I am also thinking of adding AIP only as I can do the function of content filtering with proxy server. Relating this issue I would like to ask -
1. What would be the benefit of adding CSC ?
2. Do I have to pay the license cost every year for both of these SSM? What would be the cost ?
