Solved

Configure Cisco AnyConnect in Cisco ASA 5520 in active/active setup

Posted on 2015-01-11
Last Modified: 2015-02-11
Hi All,
I would like to have Cisco AnyConnect configured on my ASA 5520. This is my show version result; please advise what type of license I need and whether I need to update the iso or increase the memory. I need to use it for 50 users.

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is c84c.7599.47ba, irq 9
 1: Ext: GigabitEthernet0/1  : address is c84c.7599.47bb, irq 9
 2: Ext: GigabitEthernet0/2  : address is c84c.7599.47bc, irq 9
 3: Ext: GigabitEthernet0/3  : address is c84c.7599.47bd, irq 9
 4: Ext: Management0/0       : address is c84c.7599.47be, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5520 VPN Plus license.
Question by:ITMaster1979
4 Comments
 

Assisted Solution

by:Matt
Matt earned 167 total points
You have only 2 WEB VPN licences.

I would first suggest upgrading your ASA to 8.2.5 interim 52 build; it is the latest and stable build using the old NAT configuration. After that, you will have a result like this for "show ver":

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.


Total VPN Peers are AnyConnect + IPSEC VPN sessions (remote and site to site). You will need an AnyConnect Essentials licence, and AnyConnect for Mobile if you have any users connecting with mobile devices; for example, an Apple iPad can do it.
If you have ASAs in a cluster, then you will have to buy a licence for both devices because your version is below 8.3. Cisco changed this in ASA 8.3 and above, where you buy a licence for only one member of the cluster. See this link:

https://supportforums.cisco.com/discussion/11380716/cisco-asa-5520-failover-unit-anyconnect-licenses

For AnyConnect please read this document - you must have ASA 8.2(x) for AnyConnect Essentials:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#pgfId-65579

Also upgrade your ASDM to 7.22.

Accepted Solution

by:Pete Long
Pete Long earned 333 total points
?? AFAIK ?? (I'll happily be proved wrong), VPN is not supported in Active/Active mode?

Pete

Assisted Solution

by:Pete Long
Pete Long earned 333 total points
Failover, Active/Active: You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover.

The above is from Cisco (that was in version 8.5).

But connecting to multi context firewalls via VPN has not been supported for as long as I can remember?
0
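
The licence and design checks raised in the answers above, as an added example that is not part of the original thread: a Python sketch that parses "show version" text and lists the gaps for a given user count. The function names, the failover_pair and active_active parameters and the trimmed sample are assumptions made for the illustration.

```python
import re

# Constructed sample: trimmed from the "show version" output in the question.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.0(4)
Licensed features for this platform:
Failover                     : Active/Active
Security Contexts            : 2
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
"""

def parse_show_version(text):
    """Return ((major, minor), {feature: value}) from 'show version' text."""
    m = re.search(r"Software Version (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no 'Software Version' line found")
    version = (int(m.group(1)), int(m.group(2)))
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
        elif in_block and ":" in line:
            key, _, value = line.partition(":")
            features[key.strip()] = value.strip()
        elif in_block and not line.strip():
            break  # a blank line ends the licence table
    return version, features

def anyconnect_readiness(text, users, failover_pair=True, active_active=False):
    """List the gaps named in this thread for an AnyConnect rollout."""
    version, feat = parse_show_version(text)
    gaps = []
    if version < (8, 2):
        gaps.append("upgrade: AnyConnect Essentials needs ASA 8.2(x)")
    # The row is "WebVPN Peers" on 8.0 and "SSL VPN Peers" on 8.2.
    ssl_peers = int(feat.get("SSL VPN Peers", feat.get("WebVPN Peers", "0")))
    essentials = feat.get("AnyConnect Essentials") == "Enabled"
    if not essentials and ssl_peers < users:
        gaps.append(f"licence: {ssl_peers} SSL VPN peers for {users} users")
    if failover_pair and version < (8, 3):
        gaps.append("licence: below 8.3 both failover units need a licence")
    if active_active:
        gaps.append("design: no VPN with Active/Active, use Active/Standby")
    return gaps
```

Whether the pair actually runs Active/Active is not visible in the licence table (the Failover row only shows what is licensed), so that is passed in as a parameter.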
 

Author Closing Comment

by:ITMaster1979
good