Just so I know for sure on a 5505 with the Security Plus license I can have 10 total VPN clients accessing the device with only 2 of those being the AnyConnect that is correct, right?
Jon On Fri, Aug 7, 2009 at 11:18 AM, Jon Harris <[email protected]> wrote: > Good to know EDU pricing on Essentials is sweet. > > Jon > > On Fri, Aug 7, 2009 at 10:50 AM, Rohyans, Aaron <[email protected] > > wrote: > >> All you need is the Essentials then – gives you the same functionality >> of the older IPSec client (full tunnel back to corporate). If you don’t >> care about the WebVPN stuff, then you don’t ever need to worry about >> upgrading again to Premium – just stick with the Essentials from here on >> out. >> >> >> >> *Aaron T. Rohyans* >> *Senior Network Engineer* >> >> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, >> JNCIA-ER*** >> >> *DPSciences Corporation >> *7400 N. Shadeland Ave., Suite 245 >> >> Indianapolis, IN 46250 >> Office: (317) 348-0099 >> Fax: (317) 849-7134 >> *[email protected] >> *http://www.dpsciences.com/ >> >> >> >> *From:* Jon Harris [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 10:43 AM >> >> *To:* NT System Admin Issues >> *Subject:* Re: Cisco VPN client on Vista 64 bit >> >> >> >> Yeah it makes sense but I wish they would have just stayed cut and dried >> and not followed the crowd and gone with this licensing structure. >> >> >> >> So do I need the Premium license or can I get away with an Essentials >> license. The AnyConnect will work on a Mac so I don't need or want the Web >> based VPN operational, which is how it is setup now. (No web based VPN) I >> have several staffers that on the next OS refresh will be going to X64 on >> their machines and they will need the VPN. >> >> >> >> Jon >> >> On Fri, Aug 7, 2009 at 10:26 AM, Rohyans, Aaron <[email protected]> >> wrote: >> >> Well – you’re describing two different licenses – so yes, back to your >> point, Cisco is getting difficult on license options J >> >> >> >> The ASA “platform” itself has several different licenses (Base, Security >> Plus, VPN Edition, etc.). All come with the 2 free Premium SSL Licenses. >> >> >> >> What we’re referring to here is an **additional** license to buy on top >> of your Base/Security Plus/VPN Edition license to give you the capability to >> run more concurrent SSL users. SSL is just a licensed “feature” of your >> normal ASA license if that makes sense. As is Phone Proxy, Advanced >> Endpoint Assessment, etc. >> >> >> >> So, from what you’re describing, your normal platform license will always >> remain the Security Plus license, but you will be upgrading the SSL features >> of the Security Plus license to include more concurrent SSL users. >> >> >> >> Hope that makes sense J >> >> >> >> *Aaron T. Rohyans* >> *Senior Network Engineer* >> >> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, >> JNCIA-ER* >> >> *DPSciences Corporation >> *7400 N. Shadeland Ave., Suite 245 >> >> Indianapolis, IN 46250 >> Office: (317) 348-0099 >> Fax: (317) 849-7134 >> *[email protected] >> *http://www.dpsciences.com/ >> >> >> >> *From:* Jon Harris [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 10:05 AM >> >> >> *To:* NT System Admin Issues >> *Subject:* Re: Cisco VPN client on Vista 64 bit >> >> >> >> That last sounds expensive unless we can use a 5505 to be the license >> server. I think we have the Premium license now it is called Security Plus >> and gave me the 2 AnyConnects I have now but does give me an option to add >> additional licenses. Cisco is getting just as hard as Microsoft at dealing >> with on licenses. >> >> >> >> Jon >> >> On Fri, Aug 7, 2009 at 9:56 AM, Rohyans, Aaron <[email protected]> >> wrote: >> >> Not entirely sure – but from what I’ve heard, it’s either or… i.e. you buy >> 100 Essentials licenses now… then down the road you cannot “upgrade” to a >> premium… you have to purchase an entirely new set of 100 Premium licenses. >> Thus, your ASA becomes a “Premium only” SSL box. Your users will remain >> unaffected as it’s the same AnyConnect client for both license structures. >> You’ll just get the ability to do WebVPN proxy as well. That (IMHO) is why >> they made the Essentials package so much cheaper - +/-$200 now is >> justifiable for quick connectivity, but sooner or later you’ll probably have >> to spend the real money on the Premium licenses. >> >> >> >> Also, with version 8.2 of the ASA code, Cisco now gives you the ability to >> do Flex Licensing. Flex Licensing allows you to buy, say 100 Essentials and >> 100 Premium licenses, throw them onto a License Server (another ASA), then >> have all 200 of your License Server licenses be allocated dynamically to >> multiple ASAs around your environment (each “child” ASA will enroll with the >> License server to request SSL licenses as the needs arise). >> >> >> >> *Aaron T. Rohyans* >> *Senior Network Engineer* >> >> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, >> JNCIA-ER* >> >> *DPSciences Corporation >> *7400 N. Shadeland Ave., Suite 245 >> >> Indianapolis, IN 46250 >> Office: (317) 348-0099 >> Fax: (317) 849-7134 >> *[email protected] >> *http://www.dpsciences.com/ >> >> >> >> *From:* Jon Harris [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 8:41 AM >> >> >> *To:* NT System Admin Issues >> *Subject:* Re: Cisco VPN client on Vista 64 bit >> >> >> >> Aaron, >> >> >> >> How hard is it to switch from one license form to another? I will be >> looking at that soon. >> >> >> >> Jon >> >> On Fri, Aug 7, 2009 at 8:32 AM, Rohyans, Aaron <[email protected]> >> wrote: >> >> The older IPSec client is going away in favor of the AnyConnect SSL VPN >> Client (which works on all 32/64 bit platforms). Eventually, Cisco will add >> IPSec support for the AnyConnect client (so that it connect using SSL, or >> traditional methods), but for now it is completely SSL based. You get 2 >> free Premium licenses with the Base License of an ASA – standard. You can >> purchase AnyConnect Essentials licenses (which give you everything you need >> to create a full VPN tunnel) for about $200 for 100 users – so the price is >> reasonable. The Premium version of the licenses add the capability to do >> WebVPN Proxy as well, but will run you significantly more. >> >> >> >> You cannot run Essentials/Premium licenses simultaneously… it is one or >> the other. For simple VPN tunneling capabilities (like what the older IPSec >> client did)… the Essentials is what you want and you can pick up 100 >> licenses for next to nothing. >> >> >> >> As someone else mentioned, you can also generate a self-signed cert on the >> ASA for free, but your users will need to click through a few warnings in >> order to connect (similar to how IE forces you to acknowledge that you are >> going to a secure site that it doesn’t trust). I always recommend enrolling >> with a 3rd party CA (Entrust, Verisign, GoDaddy, etc.) to make >> installations and subsequent connections go smoothly. >> >> >> >> Hope this helps! >> >> >> >> *Aaron T. Rohyans* >> *Senior Network Engineer* >> >> *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, >> JNCIA-ER* >> >> *DPSciences Corporation >> *7400 N. Shadeland Ave., Suite 245 >> >> Indianapolis, IN 46250 >> Office: (317) 348-0099 >> Fax: (317) 849-7134 >> *[email protected] >> *http://www.dpsciences.com/ >> >> >> >> *From:* Owens, Michael [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 8:24 AM >> >> >> *To:* NT System Admin Issues >> *Subject:* RE: Cisco VPN client on Vista 64 bit >> >> >> >> ahahhaah Well I guess theres that too. >> >> >> >> Wow it's early. >> >> >> ------------------------------ >> >> *From:* David W. McSpadden [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 8:23 AM >> *To:* NT System Admin Issues >> *Subject:* Re: Cisco VPN client on Vista 64 bit >> >> Just more licenses... >> >> ----- Original Message ----- >> >> *From:* Owens, Michael <[email protected]> >> >> *To:* NT System Admin Issues <[email protected]> >> >> *Sent:* Friday, August 07, 2009 8:19 AM >> >> *Subject:* RE: Cisco VPN client on Vista 64 bit >> >> >> >> So wait - when Windows 7 comes out, (and supposedly everyone goes to it) >> Everyone will need to buy new ASAs, or more SSL lisenses? I read that Ncp >> secure entry client, works... I dont suppose anyone has given it a shot? >> >> >> >> >> >> http://www.ncp-e.com/en/solutions/vpn-products/secure-entry-client.html >> ------------------------------ >> >> *From:* Jon Harris [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 8:11 AM >> *To:* NT System Admin Issues >> *Subject:* Re: Cisco VPN client on Vista 64 bit >> >> ASA will generate a self-signed cert for you and on X64 you will use >> AnyConnect. Depending on how you set it up you can make it so that only >> preinstalled users can access it. I just finished getting ours up and >> running with 2 clients using the AnyConnect, and now have to look at getting >> an expanded license so that I can use the AnyConnect more. >> >> >> >> Jon >> >> On Fri, Aug 7, 2009 at 8:02 AM, N Parr <[email protected]> wrote: >> >> Load a cert and away you go, it's all web based. >> >> >> ------------------------------ >> >> *From:* Owens, Michael [mailto:[email protected]] >> >> *Sent:* Friday, August 07, 2009 6:59 AM >> >> >> *To:* NT System Admin Issues >> >> *Subject:* RE: Cisco VPN client on Vista 64 bit >> >> >> >> I was afraid you'd say that. It actually isn't MY ASA. I do side work for >> a company I used to work for... one of the big wigs there still refuses to >> use anyone but me, and he pays me well! >> >> >> >> Anyway I guess I walked into this one. :) >> >> >> >> With the SSL lisenses, how do you connect? >> >> >> >> Mike >> >> >> ------------------------------ >> >> *From:* Eldridge, Dave [mailto:[email protected]] >> >> *Sent:* Friday, August 07, 2009 7:53 AM >> >> >> *To:* NT System Admin Issues >> *Subject:* RE: Cisco VPN client on Vista 64 bit >> >> >> >> Nadda. >> >> Did your asa come with 3 ssl licenses? Mine did and that is what I use. >> >> It will be interesting to see what they do with 64 bit 7. >> >> >> >> *From:* Owens, Michael [mailto:[email protected]] >> *Sent:* Friday, August 07, 2009 5:50 AM >> *To:* NT System Admin Issues >> *Subject:* Cisco VPN client on Vista 64 bit >> >> >> >> I think I remember seeing someone post about this a while back... >> >> >> >> Is there something that will connect to an ASA (preferebly free) since >> apparently Cisco has never made (and has no intention of making) a 64 bit >> version of their client? >> >> >> >> I will accept limited juryrigging. :) >> >> >> >> I refuse to believe that Cisco has yet to come out with something for >> 64bit operationg systems? Its been like 7 years? >> >> >> >> >> >> Thanks! >> >> Mike >> >> >> ------------------------------ >> >> This message, and any response to it, may constitute a public record and >> thus may be publicly available to anyone who requests it in accordance >> with Chapter 149 of the Ohio Revised Code. >> >> >> >> >> >> This e-mail contains the thoughts and opinions of the sender and does not >> represent official Parkview Medical Center policy. >> >> This communication is intended only for the recipient(s) named above, may >> be confidential and/or legally privileged: and, must be treated as such in >> accordance with state and federal laws. If you are not the intended >> recipient, you are hereby notified that any use of this communication, or >> any of its contents, is prohibited. If you have received this communication >> in error, please return to sender and delete the message from your computer >> system. >> >> >> >> >> >> >> ------------------------------ >> >> This message, and any response to it, may constitute a public record and >> thus may be publicly available to anyone who requests it in accordance >> with Chapter 149 of the Ohio Revised Code. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------ >> >> This message, and any response to it, may constitute a public record and >> thus may be publicly available to anyone who requests it in accordance >> with Chapter 149 of the Ohio Revised Code. >> >> >> >> >> >> >> >> >> >> >> ------------------------------ >> >> This message, and any response to it, may constitute a public record and >> thus may be publicly available to anyone who requests it in accordance >> with Chapter 149 of the Ohio Revised Code. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
