Configure Cisco AnyConnect in Cisco ASA 5520 in active/active setup

Hi All
  I would like to have Cisco AnyConnect configured in my ASA 5520. This is my show version result; please advise what type of license I need and if I need to update the iso or increase the memory. I need to use it for 50 users.

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is c84c.7599.47ba, irq 9
 1: Ext: GigabitEthernet0/1  : address is c84c.7599.47bb, irq 9
 2: Ext: GigabitEthernet0/2  : address is c84c.7599.47bc, irq 9
 3: Ext: GigabitEthernet0/3  : address is c84c.7599.47bd, irq 9
 4: Ext: Management0/0       : address is c84c.7599.47be, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5520 VPN Plus license.
ITMaster1979
Asked:
3 Solutions
 
Matt Commented:
You have only 2 WEB VPN licences.

I would first suggest upgrading your ASA to the 8.2.5 interim 52 build; it is the latest and stable build using the old NAT configuration. After that, you will have results like these for "show ver":

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.


Total VPN Peers are AnyConnect + IPsec VPN sessions (remote and site-to-site). You will need an AnyConnect Essentials licence, and AnyConnect for Mobile if you have any users connecting with mobile devices; for example, an Apple iPad can do it.
If you have the ASA in a cluster, then you will have to buy a licence for both devices because your version is below 8.3. Cisco changed this in ASA 8.3 and above, where you buy a licence for only one member of the cluster. See this link:

https://supportforums.cisco.com/discussion/11380716/cisco-asa-5520-failover-unit-anyconnect-licenses

For AnyConnect please read this document - you must have ASA 8.2(x) for AnyConnect Essentials:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#pgfId-65579

Also upgrade your ASDM to 7.22.
 
Pete Long (Consultant) Commented:
?? AFAIK ?? (I'll happily be proved wrong), VPN is not supported in Active/Active mode?

Pete
 
Pete Long (Consultant) Commented:
Failover, Active/Active: You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover.

Above from Cisco (that was in version 8.5)

But connecting to multi context firewalls via VPN has not been supported for as long as I can remember?
 
ITMaster1979 (Author) Commented:
good
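
The points raised in the replies above can be checked mechanically against "show version" output. The following is an added example, not code from any participant in this thread: it parses the licensed-features table and lists the gaps for a given user count. The function names, the users and active_active parameters and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed copy of the "show version" output in the question.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.0(4)
 0: Ext: GigabitEthernet0/0  : address is c84c.7599.47ba, irq 9

Licensed features for this platform:
Failover                     : Active/Active
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled

This platform has an ASA 5520 VPN Plus license.
"""


def parse_show_version(text):
    """Return ((major, minor, maint), {feature: value}) from 'show version' text."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", text)
    version = tuple(map(int, m.groups())) if m else None
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
        elif in_block:
            name, sep, value = line.partition(":")
            if not sep:  # blank line ends the licence table
                break
            features[name.strip()] = value.strip()
    return version, features


def anyconnect_gaps(text, users, active_active):
    """List the gaps raised in the replies; active_active is the deployed mode,
    which the licence table alone does not reveal (it shows capability only)."""
    version, feat = parse_show_version(text)
    gaps = []
    # 8.0(4) output labels the SSL VPN limit "WebVPN Peers", 8.2 "SSL VPN Peers".
    peers = feat.get("SSL VPN Peers", feat.get("WebVPN Peers", "0"))
    # Assumption (not stated in the thread): with Essentials enabled, this small
    # count no longer caps AnyConnect sessions, so it is only checked without it.
    if feat.get("AnyConnect Essentials") != "Enabled" and peers.isdigit() and int(peers) < users:
        gaps.append(("licence", f"{peers} SSL VPN sessions licensed, no Essentials; {users} needed"))
    if version is None or version[:2] < (8, 2):
        gaps.append(("version", "AnyConnect Essentials needs ASA 8.2(x)"))
    if active_active:
        gaps.append(("failover", "VPN needs Active/Standby, not Active/Active"))
    return gaps
```

Calling anyconnect_gaps(SAMPLE, users=50, active_active=True) on the question's output reports all three gaps: licence, version and failover.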
