Cisco VPN :: 5550 Anyconnect Mobile License
Oct 18, 2010
I have consulted a Cisco partner, as well as two different sources at Cisco and it seems remarkably difficult to find solid answers on anyconnect mobile licensing. I've got a pair of 5550s running 8.3.2 in active/standby. Based on the following license configuration, what do I need to support mobile clients? Anyconnect for mobile is obvious. Essentials? Since changes in 8.3 can I get away with one anyconnect for mobile license or do I need one per firewall? How many mobile clients would I be licensed for, 2500 per firewall? [code]
View 6 Replies
ADVERTISEMENT
Mar 22, 2013
I have ASA 5505 (8.4)I set up SSL AnyConnect VPN. I am able to connect from PC and MAC desktop computers using AnyConnect client but when I try use mobile device I am receiving error.Do I need buy the L-ASA-AC-M-5505=license?I see in description Platform: WindowsMy question is would it work with Apple mobile devices (iPhone, iPad)?
View 1 Replies
View Related
Mar 9, 2011
I have 50 SSL Premium licenses on my ASA 5520 running 8.4. I want to run Anyconnect on IPAD- and IPHONE-devices but it seems that this requires a Mobile-license on top of the premium-license. Is it possible to receive an evaluation-license for this? It will take a few days to receive permanent licenses and I want to user this now.
View 1 Replies
View Related
Dec 9, 2012
I need your support for upgrading the Security context license on 5550, at present we have 5 Security context license installed in ASA but we want it to increased till 10 conctexts. I want to understand if we need to get addtional 5 Security context license or 10.
View 5 Replies
View Related
May 22, 2011
According to Cisco, one of the ASAs must have an Unrestricted License [URL]:
"On the PIX/ASA Security appliance platform, at least one of the units must have an unrestricted (UR) license. The other unit can have a Failover Only Active-Active (FO_AA) license, or another UR license. Units with a Restricted license cannot be used for failover, and two units with FO_AA licenses cannot be used together as a failover pair."I am unfamiliar with the different ASA licenses, so with my current license, I am unable to enable failover on my two ASAs. Here is a snippet of the "show version" output on one of my ASAs (they are the same as far as licenses go):
Licensed features for this platform:Maximum Physical Interfaces : UnlimitedMaximum VLANs : 250Inside Hosts : UnlimitedFailover : Active/ActiveVPN-DES : EnabledVPN-3DES-AES : EnabledSecurity Contexts : 5GTP/GPRS : DisabledSSL VPN Peers : 10Total VPN Peers : 5000Shared License : DisabledAnyConnect for Mobile : DisabledAnyConnect for Cisco VPN Phone : DisabledAnyConnect Essentials : DisabledAdvanced Endpoint Assessment : DisabledUC Phone Proxy Sessions : 2Total UC Proxy Sessions : 2Botnet Traffic Filter : Disabled
This platform has an ASA 5550 VPN Premium license.
View 5 Replies
View Related
Nov 1, 2012
I have AnyConnect newly configured on my ASA 5550, running 8.2.x code; however, Mac users cannot connect using the Apple client, nor using the Cisco AnyConnect client - they are getting a "posture error" of some kind or the laptop is failing some kind of machine profiling.
View 3 Replies
View Related
May 11, 2011
I wonder what will be a normal speed for the anyconnect client when connected over the internet to a ASA 5550 vpn edition? Is it normal to get max 2 Mbps or higher?
View 3 Replies
View Related
Jun 18, 2012
Does the windows mobile OS 6.5 has its own Cisco AnyConnect VPN package?
View 1 Replies
View Related
May 14, 2012
how to configure AnyConnect on an ASA5505, but I wanted to check before to make sure I was going the right direction.
Setup: I have a very simple setup and basic goal. I currently just have one laptop on E0/1 of my ASA5505 and then the ASA configured with a static IP plugged to the Internet. I have the ASA correctly configured and can browse the web through the laptop. I also have the AnyConnect and AnyConnect Mobile licenses as well.
Goal: I want to set up AnyConnect on the ASA5505 and just establish a successful connection from an android mobile device running the necessary AnyConnect software from the market.
There are lots of guides for specifc set ups, but as described, I want to keep this as simple as possible.
[URL]
Also, I'm more comfortable with the CLI. Is it simpler to use the ASDM wizard for this?
View 2 Replies
View Related
Sep 13, 2011
I am setting up an ASA5505 to allow a VPN with certificate from AnyConnect Secure Mobility Client (iPad)However I get a "No License" message back from the ASA, on the iPad - Anyconnect.I remember reading the ASA5505 came with two licenses.
View 8 Replies
View Related
Sep 27, 2012
I'm a bit lost with licensing.I have an ASA 5510 and I would like to be able to use mobile devices (iOS/Android) with anyconnect. [code]
my cisco contact said me : "you need only ASA-AC-M-5510"
View 1 Replies
View Related
May 17, 2011
we have ASA 5510 with IPS and base license. Now we need Anyconnect support for more than 2 users.
Is for Anyconnect (tunnel-mode) only the Anyconnect Essentials license enough? Do I need a license for SSL VPN peers? What about Anyconnect clientless, I see that I need a premium license? Is this one enough ASA5510-SSL50-K9? It is really expensive in comparison with Anyconnect Essentials.
Here is my sh ver output:
Licensed features for this platform:Maximum Physical Interfaces : Unlimited Maximum VLANs : 50 Inside Hosts : Unlimited Failover : DisabledVPN-DES : Enabled
[Code]....
View 7 Replies
View Related
Jan 1, 2013
I currently have a HA pair of ASA5510's, as I understand it the 2 free premium licenses can be used by the mobile client as long as the ASA has the license for the mobile clients?
Can any one confirm that my understanding is correct, or would i need to buy a seperate Premium license a long with the mobile client license to enable this functionality?
View 1 Replies
View Related
Apr 20, 2012
We have bought L-ASA-AC-PH-5520=Anyconnect Vpn Phone License for our Cisco Phones but when we entered this license into our ASA it shows th following i.e enabled for linksys phones. Is there a diff part no to enable vpn for cisco phones. [code]
View 2 Replies
View Related
Oct 31, 2012
I have an SSL VPN set up on my ASA 5520 with a self signed cert. When I run the AnyConnect install on my desktop machine I have click through a few windows to accept the certificate. When I connect through the mobile client on Android, the connection goes right through without a prompt to import/choose/download a certificate. I'm able to connect but I'm wondering if the phone has actually recieved a certificate. I'm in the 'Advanced Connection Editor' screen and the certificate setting says "Automatic".
View 2 Replies
View Related
Jan 31, 2013
Running ASA ver 8.6(1)5.Question is do I need a license to run anyconnect from our Android platforms?
Currently have the following licenses installed Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 500 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
[code]....
View 1 Replies
View Related
Feb 29, 2012
I'm planning to upgrade Cisco ASA 8.2 to an anyconnect essentials and mobile license. Are there any concerns with some users continuing to utilize the cisco vpn IPSEC client while others migrate to the Anyconnect? I just want to make sure when I upgrade the license that there will not be an immediate requirment to have all users switch to Anyconnect immediately.
View 2 Replies
View Related
Mar 1, 2011
I need to activate AnyConnect SecureMobility client on an IPAD. I have an ASA with the below feature licenses:
[code]...
This platform has an ASA 5520 VPN Plus license
As I've understood that I need the ASA-AC-M-5520 license for each IPAD used but they mentioned that we need also the Essential or premium license to be activated on the ASA as well. As shown above, I have the "VPN Plus license" activated on the firewall.
View 1 Replies
View Related
Mar 29, 2012
I have a base 5505 and would like to get AnyConnect working. To do that, would I have to first purchase either an essentials or premium license and then purchase the AnyConnect Mobile license?
View 1 Replies
View Related
Mar 6, 2013
Our customer has purchased 2 x L-ASA-AC-E-5520= Anyconnect Essentials VPN Licenses (750 Users)Ive installed both activated licenses as per the cisco guides, I didnt get any errors on the install. I did a reload on both, they are both back up and running as active/standby but when I do a sh ver the license still shows "ASA 5520 VPN Plus License"Am I being dumb and has this worked successfully or should it not now display Anyconnect when I do a sh ver?
View 8 Replies
View Related
Oct 16, 2012
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
View 1 Replies
View Related
Apr 3, 2013
I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
View 3 Replies
View Related
Aug 9, 2011
I need to change providers from Verizon to AT&T. This modem came with the AT&T Sim card installed in my notebook. The software (Dell Mobile Broadband Utility Help) says " Choose Network Selection from the Settings Menu. Select AT&T and click Load." Unfortunately, Network selection is not an option.
How do I do it? This modem is compatible with Verizon, AT&T and Sprint networks.
View 1 Replies
View Related
Aug 13, 2012
I'm trying to setup a tunnel from our Cisco 5520 to a 5550 using one of our external ips natted through this tunnel. For some reason traffic that should hit this tunnel goes through global nat. Here is the configs I have for this tunnel:
access-list policy-nat extended permit ip host 66.77.88.170 host 1.2.3.4
access-list Outside_cryptomap_60 extended permit ip inside-network 255.255.254.0 host 1.2.3.4
access-list Outside_cryptomap_60 extended permit ip host 66.85.99.170 host 1.2.3.4
[code]...
If I ping 1.2.3.4 from a inside ip host I see in the logs that it uses 66.77.88.136 as the NAT and not 66.77.88.170. Do you see something wrong with this configuration?
View 10 Replies
View Related
May 13, 2011
I have ASA5550 ruuning Version 8.3(1) with inside and outside interfaces as below [code] On the inside : I have a server (10.20.10.36) that need to be accessed from an outside host (Y.Y.131.34) , so I have the below NAT/ACL rules. [code] is it right that I have to add two ACL entry for outside host to the NATed IP of the inside server , then again add another ACL entry from the same outside host to the private IP of my inside server o get this communication done?
View 7 Replies
View Related
Feb 11, 2010
I need to disable approxematly 40 different VPN profiles in our ASA5550`s without deleting them (need the ability to quickly activate them again if needed). I thought maybe i could disable IPSec for those profiles, but since the IPSec is an attribute for Group Policy, i cant do it - as many other profiles are sharing the same policy.
View 2 Replies
View Related
May 14, 2013
In our company we use ASA 5550 as a VPN server (failover pair, FW 8.2(5)). Long time we used Cisco VPN client (easyVPN) only and some time ago we started to use L2TP/IPsec VPN from Windows clients.From this time we can see strange behavior. Some ip addreses (we use ipv4 only) from local VPN ip pool are getting unusable for clients. When client gets this ip address the traffic from client to intranet is ok but the traffic from intranet to the client is blocked. This behavior affect both L2TP/IPsec and easyVPN clients with this ip address.The packet trace shows that the traffic will be blocked because implicit deny ACL but ACL for the connected user is created:
Phase: 10
Type: ACCESS-LIST
Subtype: vpn-user
Result: DROP
Config:
Additional Information:
[code].....
We use RADIUS for authentication and ACL. Failover to the standby ASA solves the problem but this terminates all L2TP/IPsec VPN connections.We use Cisco Anyconnect VPN too and when Anyconnect client gets this „strange“ ip address he can communicate normally without problems. It looks like that this problem is related to IPsec. how to discover why ASA uses -implicit deny- instead of user ACL?
View 0 Replies
View Related
Dec 18, 2011
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 9 Replies
View Related
Nov 26, 2012
Is it possible to know the VPN usage for a particular session using Cisco ASDM 6.4? Device type is ASA 5550. ASA version 8.4
View 4 Replies
View Related
Jan 31, 2012
we had just installed our ASA 5550 with IOS 8.0(2) a couple of week ago.
2 interfaces from each slot are being used ie 0/0 for Branch users comming via MPLS cloud , 0/1 for internal LAN users comming form Core Switch & 1/0 for Server farm LAN , 1/1 for Internet (outside)
the first 3 interface are considered inside with sec set at 100 while the 1/1 is outside with sec at 0.
Last night it suddenly started dropping all connections without any warning or any noticible log form the ASDM logging.
the connection drop would happen for 2 - 3 minutes and would work fine for the next 15 minutes or so..
after conencting the console , we found out that the IOS would suddelny go abrupt and show this display ...
TP-ASA(config)# TP-ASA(config)# TP-ASA(config)# Thread Name: Dispatch UnitPage fault: Address not mapped vector 0x0000000e edi 0x24d184b0 esi 0x0000000d ebp 0x1c6ceaf8 esp 0x1c6ceae0 ebx 0x09e965e0 edx
[Code]....
View 2 Replies
View Related
Sep 6, 2011
Currently on internship in a multi-site company, I am studying the IPv6 transition.I have to perform several tests and i was wondering if is it was possible to make a Site-to-Site IPSec VPN with IPv6 between a Cisco Asa 5550 and a Cisco 881 router.
View 17 Replies
View Related
Oct 4, 2011
I have looked in the books I have (Cisco ASA, PIX and FWSM; ASA 8.0) and googled a good bit but can't seem to find any specific mention of how to do NAT exemption with v8.4. It seems NAT exemption (NAT 0 access-list) was deprecated. Using ASDM, there's no corresponding menu item for this that is obvious.
We have public addresses inside the ASA and want to allow in/outbound connections using these IP's without NAT. The ASA is a 5550.
View 7 Replies
View Related
May 21, 2013
I need to understand if ASA 5550 ver 8.2(1) is comptible with IPv6, if not what is the upgrade path to make it IPv6 compatible. The requirement is dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift IPv6 completely.
The existing infrastructure is equipped with ASA with HA Active/Active mode. The command output for required details are attached here in txt mode.
View 2 Replies
View Related
