Okay thanks I was concerned I might be looking at upgrading my license sooner than I thought.
Jon On Fri, Aug 7, 2009 at 11:56 AM, Rohyans, Aaron <[email protected]>wrote: > If you’re using the traditional IPSec client, I believe you can have up > to 25 clients, **plus** 2 additional SSL VPN Clients, for a total of 27 > concurrent users. > > > > *Aaron T. Rohyans* > *Senior Network Engineer* > > *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, > JNCIA-ER*** > > *DPSciences Corporation > *7400 N. Shadeland Ave., Suite 245 > > Indianapolis, IN 46250 > Office: (317) 348-0099 > Fax: (317) 849-7134 > *[email protected] > *http://www.dpsciences.com/ > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 11:45 AM > > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > > > Just so I know for sure on a 5505 with the Security Plus license I can have > 10 total VPN clients accessing the device with only 2 of those being the > AnyConnect that is correct, right? > > > > Jon > > On Fri, Aug 7, 2009 at 11:18 AM, Jon Harris <[email protected]> wrote: > > Good to know EDU pricing on Essentials is sweet. > > > > Jon > > On Fri, Aug 7, 2009 at 10:50 AM, Rohyans, Aaron <[email protected]> > wrote: > > All you need is the Essentials then – gives you the same functionality of > the older IPSec client (full tunnel back to corporate). If you don’t care > about the WebVPN stuff, then you don’t ever need to worry about upgrading > again to Premium – just stick with the Essentials from here on out. > > > > *Aaron T. Rohyans* > *Senior Network Engineer* > > *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, > JNCIA-ER* > > *DPSciences Corporation > *7400 N. Shadeland Ave., Suite 245 > > Indianapolis, IN 46250 > Office: (317) 348-0099 > Fax: (317) 849-7134 > *[email protected] > *http://www.dpsciences.com/ > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 10:43 AM > > > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > > > Yeah it makes sense but I wish they would have just stayed cut and dried > and not followed the crowd and gone with this licensing structure. > > > > So do I need the Premium license or can I get away with an Essentials > license. The AnyConnect will work on a Mac so I don't need or want the Web > based VPN operational, which is how it is setup now. (No web based VPN) I > have several staffers that on the next OS refresh will be going to X64 on > their machines and they will need the VPN. > > > > Jon > > On Fri, Aug 7, 2009 at 10:26 AM, Rohyans, Aaron <[email protected]> > wrote: > > Well – you’re describing two different licenses – so yes, back to your > point, Cisco is getting difficult on license options J > > > > The ASA “platform” itself has several different licenses (Base, Security > Plus, VPN Edition, etc.). All come with the 2 free Premium SSL Licenses. > > > > What we’re referring to here is an **additional** license to buy on top of > your Base/Security Plus/VPN Edition license to give you the capability to > run more concurrent SSL users. SSL is just a licensed “feature” of your > normal ASA license if that makes sense. As is Phone Proxy, Advanced > Endpoint Assessment, etc. > > > > So, from what you’re describing, your normal platform license will always > remain the Security Plus license, but you will be upgrading the SSL features > of the Security Plus license to include more concurrent SSL users. > > > > Hope that makes sense J > > > > *Aaron T. Rohyans* > *Senior Network Engineer* > > *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, > JNCIA-ER* > > *DPSciences Corporation > *7400 N. Shadeland Ave., Suite 245 > > Indianapolis, IN 46250 > Office: (317) 348-0099 > Fax: (317) 849-7134 > *[email protected] > *http://www.dpsciences.com/ > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 10:05 AM > > > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > > > That last sounds expensive unless we can use a 5505 to be the license > server. I think we have the Premium license now it is called Security Plus > and gave me the 2 AnyConnects I have now but does give me an option to add > additional licenses. Cisco is getting just as hard as Microsoft at dealing > with on licenses. > > > > Jon > > On Fri, Aug 7, 2009 at 9:56 AM, Rohyans, Aaron <[email protected]> > wrote: > > Not entirely sure – but from what I’ve heard, it’s either or… i.e. you buy > 100 Essentials licenses now… then down the road you cannot “upgrade” to a > premium… you have to purchase an entirely new set of 100 Premium licenses. > Thus, your ASA becomes a “Premium only” SSL box. Your users will remain > unaffected as it’s the same AnyConnect client for both license structures. > You’ll just get the ability to do WebVPN proxy as well. That (IMHO) is why > they made the Essentials package so much cheaper - +/-$200 now is > justifiable for quick connectivity, but sooner or later you’ll probably have > to spend the real money on the Premium licenses. > > > > Also, with version 8.2 of the ASA code, Cisco now gives you the ability to > do Flex Licensing. Flex Licensing allows you to buy, say 100 Essentials and > 100 Premium licenses, throw them onto a License Server (another ASA), then > have all 200 of your License Server licenses be allocated dynamically to > multiple ASAs around your environment (each “child” ASA will enroll with the > License server to request SSL licenses as the needs arise). > > > > *Aaron T. Rohyans* > *Senior Network Engineer* > > *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, > JNCIA-ER* > > *DPSciences Corporation > *7400 N. Shadeland Ave., Suite 245 > > Indianapolis, IN 46250 > Office: (317) 348-0099 > Fax: (317) 849-7134 > *[email protected] > *http://www.dpsciences.com/ > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 8:41 AM > > > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > > > Aaron, > > > > How hard is it to switch from one license form to another? I will be > looking at that soon. > > > > Jon > > On Fri, Aug 7, 2009 at 8:32 AM, Rohyans, Aaron <[email protected]> > wrote: > > The older IPSec client is going away in favor of the AnyConnect SSL VPN > Client (which works on all 32/64 bit platforms). Eventually, Cisco will add > IPSec support for the AnyConnect client (so that it connect using SSL, or > traditional methods), but for now it is completely SSL based. You get 2 > free Premium licenses with the Base License of an ASA – standard. You can > purchase AnyConnect Essentials licenses (which give you everything you need > to create a full VPN tunnel) for about $200 for 100 users – so the price is > reasonable. The Premium version of the licenses add the capability to do > WebVPN Proxy as well, but will run you significantly more. > > > > You cannot run Essentials/Premium licenses simultaneously… it is one or the > other. For simple VPN tunneling capabilities (like what the older IPSec > client did)… the Essentials is what you want and you can pick up 100 > licenses for next to nothing. > > > > As someone else mentioned, you can also generate a self-signed cert on the > ASA for free, but your users will need to click through a few warnings in > order to connect (similar to how IE forces you to acknowledge that you are > going to a secure site that it doesn’t trust). I always recommend enrolling > with a 3rd party CA (Entrust, Verisign, GoDaddy, etc.) to make > installations and subsequent connections go smoothly. > > > > Hope this helps! > > > > *Aaron T. Rohyans* > *Senior Network Engineer* > > *CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, > JNCIA-ER* > > *DPSciences Corporation > *7400 N. Shadeland Ave., Suite 245 > > Indianapolis, IN 46250 > Office: (317) 348-0099 > Fax: (317) 849-7134 > *[email protected] > *http://www.dpsciences.com/ > > > > *From:* Owens, Michael [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 8:24 AM > > > *To:* NT System Admin Issues > *Subject:* RE: Cisco VPN client on Vista 64 bit > > > > ahahhaah Well I guess theres that too. > > > > Wow it's early. > > > ------------------------------ > > *From:* David W. McSpadden [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 8:23 AM > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > Just more licenses... > > ----- Original Message ----- > > *From:* Owens, Michael <[email protected]> > > *To:* NT System Admin Issues <[email protected]> > > *Sent:* Friday, August 07, 2009 8:19 AM > > *Subject:* RE: Cisco VPN client on Vista 64 bit > > > > So wait - when Windows 7 comes out, (and supposedly everyone goes to it) > Everyone will need to buy new ASAs, or more SSL lisenses? I read that Ncp > secure entry client, works... I dont suppose anyone has given it a shot? > > > > > > http://www.ncp-e.com/en/solutions/vpn-products/secure-entry-client.html > ------------------------------ > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 8:11 AM > *To:* NT System Admin Issues > *Subject:* Re: Cisco VPN client on Vista 64 bit > > ASA will generate a self-signed cert for you and on X64 you will use > AnyConnect. Depending on how you set it up you can make it so that only > preinstalled users can access it. I just finished getting ours up and > running with 2 clients using the AnyConnect, and now have to look at getting > an expanded license so that I can use the AnyConnect more. > > > > Jon > > On Fri, Aug 7, 2009 at 8:02 AM, N Parr <[email protected]> wrote: > > Load a cert and away you go, it's all web based. > > > ------------------------------ > > *From:* Owens, Michael [mailto:[email protected]] > > *Sent:* Friday, August 07, 2009 6:59 AM > > > *To:* NT System Admin Issues > > *Subject:* RE: Cisco VPN client on Vista 64 bit > > > > I was afraid you'd say that. It actually isn't MY ASA. I do side work for a > company I used to work for... one of the big wigs there still refuses to use > anyone but me, and he pays me well! > > > > Anyway I guess I walked into this one. :) > > > > With the SSL lisenses, how do you connect? > > > > Mike > > > ------------------------------ > > *From:* Eldridge, Dave [mailto:[email protected]] > > *Sent:* Friday, August 07, 2009 7:53 AM > > > *To:* NT System Admin Issues > *Subject:* RE: Cisco VPN client on Vista 64 bit > > > > Nadda. > > Did your asa come with 3 ssl licenses? Mine did and that is what I use. > > It will be interesting to see what they do with 64 bit 7. > > > > *From:* Owens, Michael [mailto:[email protected]] > *Sent:* Friday, August 07, 2009 5:50 AM > *To:* NT System Admin Issues > *Subject:* Cisco VPN client on Vista 64 bit > > > > I think I remember seeing someone post about this a while back... > > > > Is there something that will connect to an ASA (preferebly free) since > apparently Cisco has never made (and has no intention of making) a 64 bit > version of their client? > > > > I will accept limited juryrigging. :) > > > > I refuse to believe that Cisco has yet to come out with something for 64bit > operationg systems? Its been like 7 years? > > > > > > Thanks! > > Mike > > > ------------------------------ > > This message, and any response to it, may constitute a public record and > thus may be publicly available to anyone who requests it in accordance > with Chapter 149 of the Ohio Revised Code. > > > > > > This e-mail contains the thoughts and opinions of the sender and does not > represent official Parkview Medical Center policy. > > This communication is intended only for the recipient(s) named above, may > be confidential and/or legally privileged: and, must be treated as such in > accordance with state and federal laws. If you are not the intended > recipient, you are hereby notified that any use of this communication, or > any of its contents, is prohibited. If you have received this communication > in error, please return to sender and delete the message from your computer > system. > > > > > > > ------------------------------ > > This message, and any response to it, may constitute a public record and > thus may be publicly available to anyone who requests it in accordance > with Chapter 149 of the Ohio Revised Code. > > > > > > > > > > > > > > > > > ------------------------------ > > This message, and any response to it, may constitute a public record and > thus may be publicly available to anyone who requests it in accordance > with Chapter 149 of the Ohio Revised Code. > > > > > > > > > > > ------------------------------ > > This message, and any response to it, may constitute a public record and > thus may be publicly available to anyone who requests it in accordance > with Chapter 149 of the Ohio Revised Code. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
