Posted  by 

Cisco Rv345 Anyconnect License

The Cisco AnyConnect Secure Mobility Client consistently raises the bar in remote access technology by making the experience easy for end users but with the security required by IT. The Cisco AnyConnect Secure Mobility Client provides a secure connectivity experience across a broad set of PC and mobile devices.

  1. Cisco Rv345 Anyconnect License Requirements

This post will try to help understand the differences between anyconnect premium and anyconnect essentials licenses.

For a more complete understanding of all of the licensing on the Cisco ASA see this post.

Note: You cannot have both Essentials and Premium running at once.

Note: Cisco ASA 8.3+ no longer requires both the Active and Standby unit to each have a license. The active license is shared between the failover units. This should not be confused with the ‘shared premium license’.Demonoid me.

Note: Cisco Secure Desktop is now deprecated. Cisco has stopped development for it.

Source of this image: Cisco’s Partner Education center – ASA Licensing Webex.

Cisco changed the licensing a couple of years back, from perpetual user bundles to subscription based. It's licensed on total users, not simultaneous, but it's not very expensive from my experience. We use the Plus licenses. They give access to the mobile clients as well. Those were provided wit a separate license in the old model. A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly. I'm looking to bypass the restrictions enforced by the Cisco VPN client (no local LAN access) in Windows. I don't think I can connect to the VPN using PPTP, I believe it has to be IPSec like the Cisco client uses. I'm just wondering what is involved in mimicking the Cisco client (decrypting group password, etc.) from someone who knows how to do it.

Cisco rv345 anyconnect license activation

To enable AnyConnect essentials:

Purchase the license (L-ASA-AC-E-55xx= it costs $100-$500).

Apply the license to the ASA using the activation-key command. This does not require a reboot.

Apply the config:

Now your firewall will be licensed to have up to however many connections that are on the “Total VPN Connections”. For instance if your show version says this:

You will now be licensed to accommodate 250 anyconnect connectionns.

To enable AnyConnect Premium

Buy the license. You must purchase a license for a specific number of users (L-ASA-SSL-10= costs around $800).

License

Apply the license to the ASA using the activation-key command. This does not require a reboot.

Configure the ASA:

If you’ve already licensed this ASA for Essentials in the past then it will still show as an enabled license.

Once this is complete your ASA will be licensed to accept however many Anyconnect connections as you have Premium Licenses for. So if your show version looks like this:

Then your ASA can have 10 Anyconnect or webvpn users at once.

Note: The name “Anyconnect Premium” has changed a lot in different versions. Here are the different naming schemes.

  • 7.1(1) known as “ssl vpn”
  • 8.2(1) name changed to “anyconnect premium ssl vpn edition”
  • 8.3(1) name changed to “anyconnect premium ssl vpn”
  • 8.4(1) name changed to “anyconnect premium”

AnyConnect for Mobile

This license allows AnyConnect connections from mobile devices. There is current support for iPhone, iPad, Android version 4.0 and up, rooted Androids and Samsung Galaxy’s.

The mobile license is on or off and not tied to a number of users. It costs between $100-$500.

This license is applied by simply using the activation-key command. A reboot is not needed. There is no further configuration needed after that.

Advanced Endpoint Assessment

Advanced Endpoint Assessment includes all of the Endpoint Assessment features, and lets you configure an attempt to update noncompliant computers to meet version requirements.

This license is applied by simply using the activation-key command. A reboot is not needed.

Shared Premium License

New to ASA 8.3+ code is the ability to share licensing. This is only for Anyconnect Premium. It allows for one ASA to have a shared license which other ASAs can use.

This configuration requires two extra licenses. A license is needed for the shared server which indicates how many shared licenses there are and there also is a need for any participating ASAs.

After buying a shared participant license and applying it with the activation-key command, configure it with a command similar to this:

Cisco rv345 anyconnect license requirementsCisco Rv345 Anyconnect License

license-server address 10.15.0.15 secret SeKreTkey

The show version on the participant ASA will show this:

Now buy the shared premium license for the server for the amount of users you wish to have.

Apply the license using the activation-key command. Then apply the following config:

The show version at this point looks like this:

Also you can see the show shared license output:

If the license count isn’t going up when joining a shared pool here are a couple of other settings that may help you:

Cisco Rv345 Anyconnect License Requirements

These two settings will limit how many sessions this host or the other hosts can use. This may be set already and limiting what is usable.