KB ID 0001013
Problem
(Updated 11/05/21)
Before version 4 we simply had AnyConnect Essentials and Premium licensing; now we have Plus and Apex licensing.
AnyConnect Plus and Apex
There are in fact three licensing options:
- Cisco AnyConnect Plus Subscription Licenses
- Cisco AnyConnect Plus Perpetual Licenses
- Cisco AnyConnect Apex Subscription Licenses
- NEW VPN Only perpetual Licences
Plus and Apex contain:
AnyConnect PLUS (Cisco pitch “Equivalent to the old Essentials License”).
- VPN functionality for PC and mobile platforms, including per-app VPN on mobile platforms.
- Basic endpoint context collection (Note: NOT full ISE context support).
- IEEE 802.1X Windows supplicant.
- Cisco Cloud Web Security agent for Windows & Mac OS X platforms.
- Cisco Web Security Appliance support.
- FIPS compliance.
AnyConnect APEX (Cisco pitch “Equivalent to the old Premium License”).
- Everything that’s included in AnyConnect Plus.
- Clientless (browser-based) VPN termination on the Cisco ASA.
- VPN Compliance/Posture agent in conjunction with the Cisco ASA.
- Unified Compliance/Posture agent in conjunction with the Cisco ISE 1.3 or later.
- Next Generation Encryption/Suite B.
Both licenses are available as 1, 2 and 5 (not 3 as listed on the Cisco website) year subscriptions, or you can buy Plus licenses with a perpetual license option.
Note: For PLUS licences look at SKUs starting L-AC-PLS; for APEX licences look at SKUs starting L-AC-APX.
(Note: if you have a Plus Perpetual license you still need to purchase a software applications support plus upgrades (SASU) contract.)
Regardless of which you buy, the SASU for AnyConnect is NOT included in the support contract for the parent device e.g. the SmartNet on your Cisco ASA Firewall.
To purchase support you order the parent license (SKU: L-AC-PLS-P-G), which has no cost, then you add the relevant license for the number of clients you have, e.g. AC-PLS-P-500-S for 500 users, AC-PLS-P-2000-S for 2000 users, etc.
BE AWARE: AnyConnect 4 Licenses will display as AnyConnect Premium licenses when you issue a ‘show version’ command. Adding an AnyConnect 4 License (regardless of the quantity of licenses added) will license the ASA to the maximum permitted AnyConnect Premium license count for the ASA hardware platform (see the maximums listed below).
New AnyConnect VPN Only Licences (Perpetual)
You can now purchase VPN Only perpetual licences. They are sold by ‘Concurrent VPN Connection’, and you order them like so:
L-AC-VPNO-25 (for 25 concurrent VPN connections). You can also buy them in 50, 100, 250, 500, 1K, 2500, 5K, and 10K versions, depending on what your device will physically support (see below).
Cisco ASA Maximum VPN Peers / Sessions
Cisco Firepower Firewalls
- FPR-1010 = 75
- FPR-1120 = 150
- FPR-1130 = 400
- FPR-1140 = 800
- FPR-2110 = 1500
- FPR-2120 = 3500
- FPR-2130 = 7500
- FPR-2140 = 10,000
- FPR-4110 = 10,000
- FPR-4112 = 10,000
- FPR-4115 = 15,000
- FPR-4120 = 20,000
- FPR-4125 = 20,000
- FPR-4140 = 20,000
- FPR-4145 = 20,000
- FPR-4150 = 20,000
- FPR-9300-SM24 = 20,000
- FPR-9300-SM36 = 20,000
- FPR-9300-SM40 = 20,000
- FPR-9300-SM44 = 20,000
- FPR-9300-3xSM44 = 60,000
- FPR-9300-SM48 = 20,000
- FPR-9300-SM56 = 20,000
- FPR-9300-SM3x56 = 60,000
Cisco ASA 5500-X Firewalls
- 5506-X = 50
- 5508-X = 100
- 5512-X = 250
- 5515-X = 250
- 5516-X = 300
- 5525-X = 750
- 5545-X = 2500
- 5555-X = 5000
- 5585-X = 10,000
Cisco ASA 5500 Firewalls
- 5505 = 25
- 5510 = 250
- 5520 = 750
- 5540 = 5,000
- 5550 = 5,000
- 5580 = 10,000
Cisco ASAv Firewalls
- ASAv5 = 50
- ASAv10 = 100
- ASAv30 = 750
- ASAv50 = 10,000
Related Articles, References, Credits, or External Links
Cisco AnyConnect – Essentials / Premium Licenses Explained