AnyConnect 4 – Plus and Apex Licensing Explained

KB ID 0001013 

Problem

(Updated 11/05/21)

Before version 4 we simply had AnyConnect Essentials and Premium licensing, now we have Plus and Apex licensing.

AnyConnect Plus and Apex

There are in fact three licensing options;

  • Cisco AnyConnect Plus Subscription Licenses
  • Cisco AnyConnect Plus Perpetual Licenses
  • Cisco AnyConnect Apex Subscription Licenses
  • NEW VPN Only perpetual Licences

Plus and Apex Contain;

AnyConnect PLUS (Cisco pitch “Equivalent to the old Essentials License”).

  • VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
  • Basic endpoint context collection (Note: NOT full ISE context support).
  • IEEE 802.1X Windows supplicant.
  • Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
  • Cisco Web Security Appliance support.
  • FIPS compliance.

AnyConnect APEX (Cisco pitch “Equivalent to the old Premium License”).

  • Everything that’s included in AnyConnect Plus.
  • Clientless (browser-based) VPN termination on the Cisco ASA.
  • VPN Compliance/Posture agent in conjunction with the Cisco ASA.
  • Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
  • Next Generation Encryption/Suite B.

Both licenses are available as 1, 2 and 5 (not 3 as listed on the Cisco website) year subscription, or you can buy Plus licenses with a perpetual license option.

Note: For PLUS Licences looks at SKUs starting  L-AC-PLS, for APEX Licences look SKUs starting at L-AC-APX

(Note: if you have a Plus Perpetual license you still need to purchase a software applications support plus upgrades (SASU) contract.

Regardless of which you buy, the SASU for AnyConnect is NOT included in the support contract for the parent device e.g. the SmartNet on your Cisco ASA Firewall.

To purchase support you order the parent license (SKU: L-AC-PLS-P-G) which has no cost, then you add in the relevant license for the amount of clients you have e.g. AC-PLS-P-500-S for 500 users, AC-PLS-P-2000-S for 2000 users etc.

BE AWARE: AnyConnect 4 Licenses will display as AnyConnect Premium licenses when you issue a ‘show version’ command. When adding an AnyConnect 4 License (regardless of the quantity of licenses added), will license to the maximum permitted AnyConnect Premium license count for the ASA hardware platform, those being;

New AnyConnect VPN Only Licences (Perpetual)

You can now purchase VPN Only perpetual licences, they are sold by ‘Concurrent VPN Connection‘. You order them like so;

L-AC-VPNO-25 (for 25 concurrent VPN connections) you can also buy in 50, 100, 250, 500, 1K, 2500, 5K ,and 10K versions. Depending on what you device will physically support (see below)

Cisco ASA Maximum VPN Peers / Sessions

Cisco Firepower Firewalls

FPR-1010 = 75
FPR-1120 = 150
FPR-1130 = 400
FPR-1140 = 800
FPR-2110 = 1500
FPR-2120 = 3500
FPR-2130 = 7500
FPR-2140 = 10,000
FPR-4110 = 10,000
FPR-4112 = 10,000
FPR-4115 = 15,000
FPR-4120 = 20,000
FPR-4125 = 20,000
FPR-4140 = 20,000
FPR-4145 = 20,000
FPR-4150 = 20,000
FPR-9300-SM24 = 20,000 
FPR-9300-SM36 = 20,000
FPR-9300-SM40 = 20,000
FPR-9300-SM44 = 20,000
FPR-9300-3xSM44 = 60,000
FPR-9300-SM48 = 20,000
FPR-9300-SM56 = 20,000
FPR-9300-SM3x56 = 60,000

Cisco ASA 5500-X Firewalls
5506-X = 50
5508-X = 100
5512-X = 250
5515-X = 250
5516-X = 300
5525-X = 750
5545-X = 2500
5555-X = 5000
5585-X = 10,000
Cisco ASA 5500 Firewalls

5505 = 25 
5510 = 250 
5520 = 750 
5540 = 5,000 
5550 = 5,000 
5580 = 10,000

Cisco ASAv Firewalls

ASAv5  = 50
ASAv10 = 100
ASAv30 = 750
ASAv50 = 10,000
 

Related Articles, References, Credits, or External Links

Cisco AnyConnect – Essentials / Premium Licenses Explained

Cisco ASA 5500 – Adding Licenses

Cisco AnyConnect Ordering Guide

Outlook Web App 2013 – Offline Mode

 

KB ID 0000727 

Problem

A great new feature of OWA 2013 is the ability to run in ‘Offline mode’. This runs in the same manner as Microsoft Outlook’s ‘Cached Mode’ which has been built into full Outlook since version 2003.

There are a few caveats before you can get it to work;

Requirements for OWA Offline Mode

1. A compatible browser (Internet Explorer 10, Chrome 18, or Safari 5.1). source
2. You have to be connecting to OWA being hosted on an Exchange 2013 CAS server.
3. Your mailbox needs to be hosted on an Exchange 2013 Mailbox server.

Capabilities of OWA Offline Mode

1. While you are in offline mode, you can open OWA, read and reply to emails, send new emails, respond to meeting requests, view your calendar, view and edit your contacts.

Note: Obviously all sent and updated data will not be sent to recipients, or changes reflected in Exchange until you are no longer in offline mode.

2. The system will only cache data for the past month and calendar entries for the next twelve months.

3. Contact information for recently used recipients will also be cached.

Disadvantages of OWA Offline Mode

1. A prolonged period in cached mode can cause scheduled events in your calendar to stop working. (Its only designed for users to be sporadically disconnected).

2. You cannot access Archived folders.

3. With the exception of the Inbox, Sent Items, Calendar, and Drafts items folder, only folders you have accessed will be cached.

Solution

1. Whilst online and connected to OWA > Settings > Use mail offline.

2. For security reasons you will be asked if you are on a public computer > Prompted to add the URL to favorites (or bookmarks depending on the browser).

Note: DO NOT use this feature on a shared or public computer, the cache is accessible from other user accounts on the machine.

3. In this example I’m using IE10 > Just for ease I’m enabling the Favorites bar to see the shortcut.

4. Depending on the size of the mailbox and speed of connection, it may take a while to syncronise. Whilst offline OWA will display the time it last connected to Exchange, and while you are working offline if you send any mail it will keep a track of pending options for next time you are online.

Internet Explorer 10 Caches and Databases

The whole system works because the supported browsers have the ability to cache information locally, to see where that’s being set in IE10, Internet Options > General > Browsing Data > Settings > Caches and Databases.

Related Articles, References, Credits, or External Links

NA