AnyConnect 4 - Plus and Apex Licensing Explained
KB ID 0001013 Dtd 11/11/14
Problem
In October 2014 the new licensing model for AnyConnect 4 was released. Before version 4 we simply had AnyConnect Essentials and Premium licensing, now we have Plus and Apex licensing.
Solution
There are in fact three licensing options;
- Cisco AnyConnect Plus Subscription Licenses
- Cisco AnyConnect Plus Perpetual Licenses
- Cisco AnyConnect Apex Subscription Licenses
And two license types;
AnyConnect PLUS (Cisco pitch "Equivalent to the old Essentials License").
- VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
- Basic endpoint context collection (Note: NOT full ISE context support).
- IEEE 802.1X Windows supplicant.
- Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
- Cisco Web Security Appliance support.
- FIPS compliance.
AnyConnect APEX (Cisco pitch "Equivalent to the old Premium License").
- Everything that's included in AnyConnect Plus.
- Clientless (browser-based) VPN termination on the Cisco ASA.
- VPN Compliance/Posture agent in conjunction with the Cisco ASA.
- Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
- Next Generation Encryption/Suite B.
Both licenses are available as 1, 2 and 5 (not 3 as listed on the Cisco website) year subscription, or you can buy Plus licenses with a perpetual license option.
(Note: if you have a Plus Perpetual license you still need to purchase a software applications support plus upgrades (SASU) contract.
Regardless of which you buy, the SASU for AnyConnect is NOT included in the support contract for the parent device e.g. the SmartNet on your Cisco ASA Firewall.
To purchase support you order the parent license (SKU: L-AC-PLS-P-G) which has no cost, then you add in the relevant license for the amount of clients you have e.g. AC-PLS-P-500-S for 500 users, AC-PLS-P-2000-S for 2000 users etc.
BE AWARE: AnyConnect 4 Licenses will display as AnyConnect Premium licenses when you issue a 'show version' command. When adding an AnyConnect 4 License (regardless of the quantity of licenses added), will license to the maximum permitted AnyConnect Premium license count for the ASA hardware platform, those being;
Cisco ASA Maximum VPN Peers / Sessions
5505 = 25
5510 = 250
5520 = 750
5540 = 5,000
5550 = 5,000
5580 = 10,000
5510 = 250
5520 = 750
5540 = 5,000
5550 = 5,000
5580 = 10,000
Next Generation Platform (X)
5512-X = 250
5515-X = 250
5525-X = 750
5545-X = 2500
5555-X = 5000
5585-X = 10,000
5515-X = 250
5525-X = 750
5545-X = 2500
5555-X = 5000
5585-X = 10,000
No comments:
Post a Comment