Just so I know for sure on a 5505 with the Security Plus license I can have
10 total VPN clients accessing the device with only 2 of those being the
AnyConnect that is correct, right?

Jon

On Fri, Aug 7, 2009 at 11:18 AM, Jon Harris <[email protected]> wrote:

>  Good to know EDU pricing on Essentials is sweet.
>
> Jon
>
>   On Fri, Aug 7, 2009 at 10:50 AM, Rohyans, Aaron <[email protected]
> > wrote:
>
>>  All you need is the Essentials then – gives you the same functionality
>> of the older IPSec client (full tunnel back to corporate).  If you don’t
>> care about the WebVPN stuff, then you don’t ever need to worry about
>> upgrading again to Premium – just stick with the Essentials from here on
>> out.
>>
>>
>>
>> *Aaron T. Rohyans*
>> *Senior Network Engineer*
>>
>> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP,
>> JNCIA-ER***
>>
>> *DPSciences Corporation
>> *7400 N. Shadeland Ave., Suite 245
>>
>> Indianapolis, IN 46250
>> Office:  (317) 348-0099
>> Fax:   (317) 849-7134
>> *[email protected]
>> *http://www.dpsciences.com/
>>
>>
>>
>> *From:* Jon Harris [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 10:43 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> Yeah it makes sense but I wish they would have just stayed cut and dried
>> and not followed the crowd and gone with this licensing structure.
>>
>>
>>
>> So do I need the Premium license or can I get away with an Essentials
>> license.  The AnyConnect will work on a Mac so I don't need or want the Web
>> based VPN operational, which is how it is setup now.  (No web based VPN)  I
>> have several staffers that on the next OS refresh will be going to X64 on
>> their machines and they will need the VPN.
>>
>>
>>
>> Jon
>>
>> On Fri, Aug 7, 2009 at 10:26 AM, Rohyans, Aaron <[email protected]>
>> wrote:
>>
>> Well – you’re describing two different licenses – so yes, back to your
>> point, Cisco is getting difficult on license options J
>>
>>
>>
>> The ASA “platform” itself has several different licenses (Base, Security
>> Plus, VPN Edition, etc.).  All come with the 2 free Premium SSL Licenses.
>>
>>
>>
>> What we’re referring to here is an **additional** license to buy on top
>> of your Base/Security Plus/VPN Edition license to give you the capability to
>> run more concurrent SSL users.  SSL is just a licensed “feature” of your
>> normal ASA license if that makes sense.  As is Phone Proxy, Advanced
>> Endpoint Assessment, etc.
>>
>>
>>
>> So, from what you’re describing, your normal platform license will always
>> remain the Security Plus license, but you will be upgrading the SSL features
>> of the Security Plus license to include more concurrent SSL users.
>>
>>
>>
>> Hope that makes sense J
>>
>>
>>
>> *Aaron T. Rohyans*
>> *Senior Network Engineer*
>>
>> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP,
>> JNCIA-ER*
>>
>> *DPSciences Corporation
>> *7400 N. Shadeland Ave., Suite 245
>>
>> Indianapolis, IN 46250
>> Office:  (317) 348-0099
>> Fax:   (317) 849-7134
>> *[email protected]
>> *http://www.dpsciences.com/
>>
>>
>>
>> *From:* Jon Harris [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 10:05 AM
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> That last sounds expensive unless we can use a 5505 to be the license
>> server.  I think we have the Premium license now it is called Security Plus
>> and gave me the 2 AnyConnects I have now but does give me an option to add
>> additional licenses.  Cisco is getting just as hard as Microsoft at dealing
>> with on licenses.
>>
>>
>>
>> Jon
>>
>> On Fri, Aug 7, 2009 at 9:56 AM, Rohyans, Aaron <[email protected]>
>> wrote:
>>
>> Not entirely sure – but from what I’ve heard, it’s either or… i.e. you buy
>> 100 Essentials licenses now… then down the road you cannot “upgrade” to a
>> premium… you have to purchase an entirely new set of 100 Premium licenses.
>> Thus, your ASA becomes a “Premium only” SSL box.  Your users will remain
>> unaffected as it’s the same AnyConnect client for both license structures.
>> You’ll just get the ability to do WebVPN proxy as well.  That (IMHO) is why
>> they made the Essentials package so much cheaper - +/-$200 now is
>> justifiable for quick connectivity, but sooner or later you’ll probably have
>> to spend the real money on the Premium licenses.
>>
>>
>>
>> Also, with version 8.2 of the ASA code, Cisco now gives you the ability to
>> do Flex Licensing.  Flex Licensing allows you to buy, say 100 Essentials and
>> 100 Premium licenses, throw them onto a License Server (another ASA), then
>> have all 200 of your License Server licenses be allocated dynamically to
>> multiple ASAs around your environment (each “child” ASA will enroll with the
>> License server to request SSL licenses as the needs arise).
>>
>>
>>
>> *Aaron T. Rohyans*
>> *Senior Network Engineer*
>>
>> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP,
>> JNCIA-ER*
>>
>> *DPSciences Corporation
>> *7400 N. Shadeland Ave., Suite 245
>>
>> Indianapolis, IN 46250
>> Office:  (317) 348-0099
>> Fax:   (317) 849-7134
>> *[email protected]
>> *http://www.dpsciences.com/
>>
>>
>>
>> *From:* Jon Harris [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 8:41 AM
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> Aaron,
>>
>>
>>
>> How hard is it to switch from one license form to another?  I will be
>> looking at that soon.
>>
>>
>>
>> Jon
>>
>> On Fri, Aug 7, 2009 at 8:32 AM, Rohyans, Aaron <[email protected]>
>> wrote:
>>
>> The older IPSec client is going away in favor of the AnyConnect SSL VPN
>> Client (which works on all 32/64 bit platforms).  Eventually, Cisco will add
>> IPSec support for the AnyConnect client (so that it connect using SSL, or
>> traditional methods), but for now it is completely SSL based.  You get 2
>> free Premium licenses with the Base License of an ASA – standard.  You can
>> purchase AnyConnect Essentials licenses (which give you everything you need
>> to create a full VPN tunnel) for about $200 for 100 users – so the price is
>> reasonable.  The Premium version of the licenses add the capability to do
>> WebVPN Proxy as well, but will run you significantly more.
>>
>>
>>
>> You cannot run Essentials/Premium licenses simultaneously… it is one or
>> the other.  For simple VPN tunneling capabilities (like what the older IPSec
>> client did)… the Essentials is what you want and you can pick up 100
>> licenses for next to nothing.
>>
>>
>>
>> As someone else mentioned, you can also generate a self-signed cert on the
>> ASA for free, but your users will need to click through a few warnings in
>> order to connect (similar to how IE forces you to acknowledge that you are
>> going to a secure site that it doesn’t trust).  I always recommend enrolling
>> with a 3rd party CA (Entrust, Verisign, GoDaddy, etc.) to make
>> installations and subsequent connections go smoothly.
>>
>>
>>
>> Hope this helps!
>>
>>
>>
>> *Aaron T. Rohyans*
>> *Senior Network Engineer*
>>
>> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP,
>> JNCIA-ER*
>>
>> *DPSciences Corporation
>> *7400 N. Shadeland Ave., Suite 245
>>
>> Indianapolis, IN 46250
>> Office:  (317) 348-0099
>> Fax:   (317) 849-7134
>> *[email protected]
>> *http://www.dpsciences.com/
>>
>>
>>
>> *From:* Owens, Michael [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 8:24 AM
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> ahahhaah Well I guess theres that too.
>>
>>
>>
>> Wow it's early.
>>
>>
>>  ------------------------------
>>
>> *From:* David W. McSpadden [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 8:23 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Cisco VPN client on Vista 64 bit
>>
>> Just more licenses...
>>
>>  ----- Original Message -----
>>
>> *From:* Owens, Michael <[email protected]>
>>
>> *To:* NT System Admin Issues <[email protected]>
>>
>> *Sent:* Friday, August 07, 2009 8:19 AM
>>
>> *Subject:* RE: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> So wait - when Windows 7 comes out, (and supposedly everyone goes to it)
>> Everyone will need to buy new ASAs, or more SSL lisenses? I read that Ncp
>> secure entry client, works... I dont suppose anyone has given it a shot?
>>
>>
>>
>>
>>
>> http://www.ncp-e.com/en/solutions/vpn-products/secure-entry-client.html
>>  ------------------------------
>>
>> *From:* Jon Harris [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 8:11 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Cisco VPN client on Vista 64 bit
>>
>> ASA will generate a self-signed cert for you and on X64 you will use
>> AnyConnect.  Depending on how you set it up you can make it so that only
>> preinstalled users can access it.  I just finished getting ours up and
>> running with 2 clients using the AnyConnect, and now have to look at getting
>> an expanded license so that I can use the AnyConnect more.
>>
>>
>>
>> Jon
>>
>> On Fri, Aug 7, 2009 at 8:02 AM, N Parr <[email protected]> wrote:
>>
>> Load a cert and away you go, it's all web based.
>>
>>
>>  ------------------------------
>>
>> *From:* Owens, Michael [mailto:[email protected]]
>>
>> *Sent:* Friday, August 07, 2009 6:59 AM
>>
>>
>> *To:* NT System Admin Issues
>>
>> *Subject:* RE: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> I was afraid you'd say that. It actually isn't MY ASA. I do side work for
>> a company I used to work for... one of the big wigs there still refuses to
>> use anyone but me, and he pays me well!
>>
>>
>>
>> Anyway I guess I walked into this one. :)
>>
>>
>>
>> With the SSL lisenses, how do you connect?
>>
>>
>>
>> Mike
>>
>>
>>  ------------------------------
>>
>> *From:* Eldridge, Dave [mailto:[email protected]]
>>
>> *Sent:* Friday, August 07, 2009 7:53 AM
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Cisco VPN client on Vista 64 bit
>>
>>
>>
>> Nadda.
>>
>> Did your asa come with 3 ssl licenses? Mine did and that is what I use.
>>
>> It will be interesting to see what they do with 64 bit 7.
>>
>>
>>
>> *From:* Owens, Michael [mailto:[email protected]]
>> *Sent:* Friday, August 07, 2009 5:50 AM
>> *To:* NT System Admin Issues
>> *Subject:* Cisco VPN client on Vista 64 bit
>>
>>
>>
>> I think I remember seeing someone post about this a while back...
>>
>>
>>
>> Is there something that will connect to an ASA (preferebly free)  since
>> apparently Cisco has never made (and has no intention of making) a 64 bit
>> version of their client?
>>
>>
>>
>> I will accept limited juryrigging. :)
>>
>>
>>
>> I refuse to believe that Cisco has yet to come out with something for
>> 64bit operationg systems? Its been like 7 years?
>>
>>
>>
>>
>>
>> Thanks!
>>
>> Mike
>>
>>
>>  ------------------------------
>>
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>> This e-mail contains the thoughts and opinions of the sender and does not
>> represent official Parkview Medical Center policy.
>>
>> This communication is intended only for the recipient(s) named above, may
>> be confidential and/or legally privileged: and, must be treated as such in
>> accordance with state and federal laws. If you are not the intended
>> recipient, you are hereby notified that any use of this communication, or
>> any of its contents, is prohibited. If you have received this communication
>> in error, please return to sender and delete the message from your computer
>> system.
>>
>>
>>
>>
>>
>>
>>  ------------------------------
>>
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  ------------------------------
>>
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  ------------------------------
>>
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to