Cisco ASA 5505 User Manual

64-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 64 Configuring IPsec and ISAKMP

Licensing Requirements for Remote Access IPsec VPNs

ASA 5585-X with
SSP-10

•

IPsec remote access VPN using IKEv2 (use one of the following):

–

AnyConnect Premium license:

Base license: 2 sessions.

Optional permanent or time-based licenses: 10, 25, 50, 100, 250, 500, 750, 1000, 2500, or
5000 sessions.

Optional Shared licenses

2

: Participant or Server. For the Server license, 500-50,000 in

increments of 500 and 50,000-545,000 in increments of 1000.

–

AnyConnect Essentials license

3

: 5000 sessions.

•

IPsec remote access VPN using IKEv1 and IPsec site-to-site VPN using IKEv1 or IKEv2:

Base license: 5000 sessions.

ASA 5585-X with
SSP-20, -40, and -60

•

IPsec remote access VPN using IKEv2 (use one of the following):

–

AnyConnect Premium license:

Base license: 2 sessions.

Optional permanent or time-based licenses: 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000,
or 10000 sessions.

Optional Shared licenses

2

: Participant or Server. For the Server license, 500-50,000 in

increments of 500 and 50,000-545,000 in increments of 1000.

–

AnyConnect Essentials license

3

: 10000 sessions.

•

IPsec remote access VPN using IKEv1 and IPsec site-to-site VPN using IKEv1 or IKEv2:

Base license: 10000 sessions.

1.

The maximum combined VPN sessions of all types cannot exceed the maximum sessions shown in this table. For the ASA 5505, the maximum combined
sessions is 10 for the Base license, and 25 for the Security Plus license.

2.

A shared license lets the ASA act as a shared license server for multiple client ASAs. The shared license pool is large, but the maximum number of sessions
used by each individual ASA cannot exceed the maximum number listed for permanent licenses.

3.

The AnyConnect Essentials license enables AnyConnect VPN client access to the ASA. This license does not support browser-based SSL VPN access or
Cisco Secure Desktop. For these features, activate an AnyConnect Premium license instead of the AnyConnect Essentials license.

Note: With the AnyConnect Essentials license, VPN users can use a Web browser to log in, and download and start (WebLaunch) the AnyConnect client.

The AnyConnect client software offers the same set of client features, whether it is enabled by this license or an AnyConnect Premium SSL VPN Edition
license.

The AnyConnect Essentials license cannot be active at the same time as the following licenses on a given ASA: AnyConnect Premium license (all types)
or the Advanced Endpoint Assessment license. You can, however, run AnyConnect Essentials and AnyConnect Premium licenses on different ASAs in
the same network.

By default, the ASA uses the AnyConnect Essentials license, but you can disable it to use other licenses by using the no anyconnect-essentials command.

For a detailed list of the features supported by the AnyConnect Essentials license and AnyConnect Premium license, see AnyConnect Secure Mobility
Client Features, Licenses, and OSs:

http://www.cisco.com/en/US/products/ps10884/products_feature_guides_list.html

Model

License Requirement

1