Guidelines and limitations, Remote pc system requirements, Remote https certificates limitation – Cisco ASA 5505 User Manual

75-5

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 75 Configuring AnyConnect VPN Client Connections

Guidelines and Limitations

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Remote PC System Requirements

For the requirements of endpoint computers running the AnyConnect Secure Mobility Client, see the
release notes for the AnyConnect client version you are deploying with the ASA.

Remote HTTPS Certificates Limitation

The ASA does not verify remote HTTPS certificates.

Configuring AnyConnect Connections

This section describes prerequisites, restrictions, and detailed tasks to configure the ASA to accept
AnyConnect VPN client connections, and includes the following topics:

•

Configuring the ASA to Web-Deploy the Client, page 75-6

•

Enabling Permanent Client Installation, page 75-7

•

Configuring DTLS, page 75-8

•

Prompting Remote Users, page 75-8

1.

If you start a clientless SSL VPN session and then start an AnyConnect client session from the portal, 1 session is used in total. However, if you start the
AnyConnect client first (from a standalone client, for example) and then log into the clientless SSL VPN portal, then 2 sessions are used.

2.

The maximum combined VPN sessions of all types cannot exceed the maximum sessions shown in this table. For the ASA 5505, the maximum combined
sessions is 10 for the Base license, and 25 for the Security Plus license.

3.

A shared license lets the ASA act as a shared license server for multiple client ASAs. The shared license pool is large, but the maximum number of sessions
used by each individual ASA cannot exceed the maximum number listed for permanent licenses.

4.

The AnyConnect Essentials license enables AnyConnect VPN client access to the ASA. This license does not support browser-based SSL VPN access or
Cisco Secure Desktop. For these features, activate an AnyConnect Premium license instead of the AnyConnect Essentials license.

Note: With the AnyConnect Essentials license, VPN users can use a Web browser to log in, and download and start (WebLaunch) the AnyConnect client.

The AnyConnect client software offers the same set of client features, whether it is enabled by this license or an AnyConnect Premium SSL VPN Edition
license.

The AnyConnect Essentials license cannot be active at the same time as the following licenses on a given ASA: AnyConnect Premium license (all types)
or the Advanced Endpoint Assessment license. You can, however, run AnyConnect Essentials and AnyConnect Premium licenses on different ASAs in
the same network.

By default, the ASA uses the AnyConnect Essentials license, but you can disable it to use other licenses by using the no anyconnect-essentials command.

For a detailed list of the features supported by the AnyConnect Essentials license and AnyConnect Premium license, see AnyConnect Secure Mobility
Client Features, Licenses, and OSs:

http://www.cisco.com/en/US/products/ps10884/products_feature_guides_list.html