Solved

Configure Cisco AnyConnect in Cisco ASA 5520 in active/active setup

Posted on 2015-01-11
Last Modified: 2015-02-11
Hi All,
I would like to have Cisco AnyConnect configured on my ASA 5520. This is my show version result; please advise what type of license I need and if I need to update the iso or increase the memory. I need to use it for 50 users.

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is c84c.7599.47ba, irq 9
 1: Ext: GigabitEthernet0/1  : address is c84c.7599.47bb, irq 9
 2: Ext: GigabitEthernet0/2  : address is c84c.7599.47bc, irq 9
 3: Ext: GigabitEthernet0/3  : address is c84c.7599.47bd, irq 9
 4: Ext: Management0/0       : address is c84c.7599.47be, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5520 VPN Plus license.
Question by:ITMaster1979
 
LVL 6

Assisted Solution

by:Matt
Matt earned 167 total points
ID: 40543794
You have only 2 WEB VPN licences.

I would first suggest upgrading your ASA to the 8.2.5 interim 52 build; it is the latest and stable build using the old NAT configuration. After that, you will have a result like this for "show ver":

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.


Total VPN Peers are AnyConnect + IPsec VPN sessions (remote and site-to-site). You will need an AnyConnect Essentials licence, and AnyConnect for Mobile if you have any users connecting with mobile devices; for example, an Apple iPad can do it.
If you have the ASA in a cluster, then you will have to buy a licence for both devices because your version is below 8.3. Cisco changed this in ASA 8.3 and above, where you buy a licence for only one member of the cluster. See this link:

https://supportforums.cisco.com/discussion/11380716/cisco-asa-5520-failover-unit-anyconnect-licenses

For AnyConnect please read this document - you must have ASA 8.2(x) for AnyConnect Essentials:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/feature/guide/anyconnect31features.html#pgfId-65579

Also upgrade your ASDM to 7.22.
 
LVL 57

Accepted Solution

by:
Pete Long earned 333 total points
ID: 40546657
?? AFAIK ?? (I'll happily be proved wrong), VPN is not supported in Active/Active mode?

Pete
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 333 total points
ID: 40546668
Failover, Active/Active You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover.

Above From Cisco (that was in version 8.5)

But connecting to multi context firewalls via VPN has not been supported for as long as I can remember?
 
LVL 1

Author Closing Comment

by:ITMaster1979
ID: 40602711
good
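
The checks raised in the answers above (SSL VPN seat count, the 8.2 requirement for AnyConnect Essentials, and failover mode), applied to `show version` output. This is an added example, not part of the original thread; the function names and the trimmed sample text are constructed here.

```python
import re

# Constructed sample: only the lines of the poster's "show version" the checks use.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.0(4)
Licensed features for this platform:
Failover                     : Active/Active
Security Contexts            : 2
VPN Peers                    : 750
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
"""

def parse_show_version(text):
    """Return (version tuple, {licensed feature: value}) from 'show version' text."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", text)
    version = tuple(int(g) for g in m.groups()) if m else None
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
        elif in_block and ":" in line:
            name, _, value = line.partition(":")
            features[name.strip()] = value.strip()
        elif in_block:
            break  # first line without a colon (blank line) ends the licence table
    return version, features

def audit(text, users):
    """List the blockers named in the thread for `users` AnyConnect clients."""
    version, lic = parse_show_version(text)
    # The 8.0 output calls the seat count "WebVPN Peers"; the 8.2 output "SSL VPN Peers".
    raw = lic.get("SSL VPN Peers", lic.get("WebVPN Peers", "0"))
    seats = int(raw) if raw.isdigit() else 0
    findings = []
    # Assumption: with AnyConnect Essentials enabled the seat count is not the limit.
    if seats < users and lic.get("AnyConnect Essentials") != "Enabled":
        findings.append(f"SSL VPN seats {seats} < {users} users, Essentials not enabled")
    if version and version[:2] < (8, 2):
        findings.append("software below 8.2: AnyConnect Essentials unavailable")
    if lic.get("Failover") == "Active/Active":
        findings.append("Active/Active failover: use Active/Standby for VPN")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, 50):
        print(finding)
```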


Question has a verified solution.
