Configure Cisco AnyConnect in Cisco ASA 5520 in active/active setup

Posted on 2015-01-11
Last Modified: 2015-02-11
Hi All,
  I would like to have Cisco AnyConnect configured in my ASA 5520. This is my show version result; please advise what type of license I need and if I need to update the iso or increase the memory. I need to use it for 50 users.

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is c84c.7599.47ba, irq 9
 1: Ext: GigabitEthernet0/1  : address is c84c.7599.47bb, irq 9
 2: Ext: GigabitEthernet0/2  : address is c84c.7599.47bc, irq 9
 3: Ext: GigabitEthernet0/3  : address is c84c.7599.47bd, irq 9
 4: Ext: Management0/0       : address is c84c.7599.47be, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5520 VPN Plus license.
Question by:ITMaster1979
LVL 6

Assisted Solution

by:Matt
Matt earned 668 total points
ID: 40543794
You have only 2 WEB VPN licences.

I would first suggest upgrading your ASA to the 8.2.5 interim 52 build; it is the latest and stable build using the old NAT configuration. After that, you will have a result like this for "show ver":

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.


Total VPN Peers are AnyConnect + IPsec VPN sessions (remote and site-to-site). You will need an AnyConnect Essentials licence, and AnyConnect for Mobile if you have any users connecting with mobile devices; for example, an Apple iPad can do it.
If you have the ASA in a cluster, then you will have to buy a licence for both devices because your version is below 8.3. Cisco changed this in ASA 8.3 and above, where you buy a licence for only one member of the cluster. See this link:

https://supportforums.cisco.com/discussion/11380716/cisco-asa-5520-failover-unit-anyconnect-licenses

For AnyConnect please read this document - you must have ASA 8.2(x) for AnyConnect Essentials:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#pgfId-65579

Also upgrade your ASDM to 7.22.
0
 
LVL 57

Accepted Solution

by:Pete Long
Pete Long earned 1332 total points
ID: 40546657
?? AFAIK ?? (I'll happily be proved wrong), VPN is not supported in Active/Active mode?

Pete
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 1332 total points
ID: 40546668
Failover, Active/Active: You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover.

Above from Cisco (that was in version 8.5)

But connecting to multi context firewalls via VPN has not been supported for as long as I can remember?
0
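
The licensing points raised in the answers above, as an added example (not code from the thread or from Cisco): a Python sketch that parses the "Licensed features" table of `show version` and lists the gaps for an AnyConnect rollout of a given size. The sample input is constructed from the question's output; the function names, and treating the Failover licence line as a prompt to check the configured failover mode, are assumptions.

```python
import re

# Constructed sample: trimmed from the "show version" output in the question.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.0(4)
Licensed features for this platform:
Failover                     : Active/Active
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
"""

def parse_show_version(text):
    """Return (version tuple, {feature: value}) from ASA 'show version' text."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", text)
    version = tuple(int(x) for x in m.groups()) if m else None
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
        elif in_block and ":" in line:
            key, _, value = line.partition(":")
            features[key.strip()] = value.strip()
        elif in_block and not line.strip():
            break  # a blank line ends the feature table
    return version, features

def anyconnect_findings(text, users):
    """List gaps between the licence table and an AnyConnect rollout for `users`."""
    version, feat = parse_show_version(text)
    findings = []
    # 8.0 prints "WebVPN Peers"; 8.2 prints "SSL VPN Peers" (both appear in the thread).
    ssl = int(feat.get("SSL VPN Peers", feat.get("WebVPN Peers", "0")))
    essentials = feat.get("AnyConnect Essentials") == "Enabled"
    if version and version[:2] < (8, 2):
        findings.append("software below 8.2: AnyConnect Essentials not available")
    if not essentials and ssl < users:
        findings.append(f"SSL VPN licences: {ssl} < {users} users")
    if feat.get("Failover") == "Active/Active":
        # Assumption: the licence line only shows what is permitted, so confirm the mode.
        findings.append("Active/Active licensed: thread says VPN needs Active/Standby")
    return findings

if __name__ == "__main__":
    for finding in anyconnect_findings(SAMPLE, users=50):
        print(finding)
```
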
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40602711
good
0
