5505 Anyconnect essentials license clarification please

Have a "base" 5505 with the upgrade to 50 inside hosts.
I just added the ASA-AC-E-5505 25 Anyconnect Essentials license key to that unit.
The show version now shows Anyconnect Essentials enabled, but the "total VPN Peers" is still at 10.
Do I have the ability to have 25 Anyconnect clients connect to my network? or am I limited to 10?
I have read many threads, but just get more and more confused.
Thanks
DWNewman

Hi Dennis,
Just to add to what Naresh said, the other VPN is for IPsec VPN (Site to Site or Remote Access).
After adding the key if you check the show version you would see something like this:
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 25            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect Essentials             : Enabled
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 100            perpetual
Total UC Proxy Sessions           : 100            perpetual
You can also check the same with show vpn-sessiondb summary
Thanks
Jeet Kumar
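
Added example (not part of the original posts): a small Python parser for the "Licensed features for this platform" block of show version, handling both layouts quoted on this page (with and without the duration column) and keeping repeated rows such as the two AnyConnect Essentials lines. The sample inputs are abridged from the outputs on this page with a constructed trailer line, the function names are illustrative, and reading "SSL VPN Peers" and "AnyConnect Premium Peers" as the same counter is an assumption.

```python
import re

HEADER = "Licensed features for this platform:"
# "<feature name>   : <value>[  <duration>]"
ROW = re.compile(r"^(.+?)\s*:\s+(\S.*)$")

# Constructed sample: abridged from the newer-format output quoted above.
SAMPLE_WITH_DURATION = """\
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
VPN-3DES-AES                      : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 25            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect Essentials             : Enabled
"""

# Constructed sample: abridged from the 8.2(5) output quoted further down the
# page; the trailing "Serial Number" line is a constructed placeholder.
SAMPLE_NO_DURATION = """\
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Licensed features for this platform:
    Maximum Physical Interfaces    : 8
    VLANs                          : 3, DMZ Restricted
    SSL VPN Peers                  : 2
    Total VPN Peers                : 10
    AnyConnect for Mobile          : Disabled
    AnyConnect Essentials          : Disabled

    Serial Number: CONSTRUCTED-PLACEHOLDER
"""


def parse_license_table(show_version_text):
    """Return {feature: [(value, duration_or_None), ...]} for the license block.

    Repeated feature names are kept in order instead of being overwritten.
    """
    features = {}
    in_table = False
    for raw in show_version_text.splitlines():
        line = raw.strip()
        if line.startswith(HEADER):
            in_table = True
            continue
        if not in_table:
            continue  # ignore everything before the license block
        match = ROW.match(line)
        if not match:
            if features:
                break  # first blank or non-row line ends the block
            continue
        name, rest = match.group(1), match.group(2)
        # The duration column, when present, is set off by two or more spaces.
        parts = re.split(r"\s{2,}", rest, maxsplit=1)
        duration = parts[1] if len(parts) == 2 else None
        features.setdefault(name, []).append((parts[0], duration))
    return features


def _first_int(features, *names):
    """First purely numeric value found under any of the given feature names."""
    for name in names:
        for value, _duration in features.get(name, []):
            if value.isdigit():
                return int(value)
    return None


def vpn_license_summary(features):
    """Pull out the rows the thread is asking about."""
    essentials = [value for value, _ in features.get("AnyConnect Essentials", [])]
    return {
        "essentials_enabled": any(v != "Disabled" for v in essentials),
        # Assumption: both names label the same counter in different releases.
        "premium_or_ssl_peers": _first_int(
            features, "AnyConnect Premium Peers", "SSL VPN Peers"
        ),
        "other_vpn_peers": _first_int(features, "Other VPN Peers"),
        "total_vpn_peers": _first_int(features, "Total VPN Peers"),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_DURATION, SAMPLE_NO_DURATION):
        print(vpn_license_summary(parse_license_table(sample)))
```
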

Similar Messages

  • Anyconnect Essentials License

    Sorry if this question has been asked, I couldn't find an answer anywhere.
    I have an ASA5520 with Anyconnect Essentials enabled, I want to replace this FW with an ASA5540 can I migrate the Anyconnect Essentials license?
    Thanks                  

    In general the license of an ASA is tied to the serial number of the ASA. This means that there is not an easy way to migrate a license from one ASA to another. In the case of an RMA there is a way that TAC can move the license.
    It might be worth asking whoever is providing the ASA5540 if they can work out anything about the license. In the case of a purchase there might be some possible concession on license provisioning. But in general when you get a new ASA you need to get a new license.
    HTH
    Rick

  • Cisco Anyconnect Essentials License - what does this

    Hello Community.
    I have successfully installed an ASA with Anyconnect. The Anyconnect client on my laptop works great.
    But why should I now buy a Cisco Anyconnect Essentials License, what exactly is that license for?
    Anyconnect works great without that license.
    But I can't connect with my iPhone with the Cisco Anyconnect for iPhone app. Should I buy the Anyconnect for Mobile license, and is this license just for one device or for all devices? Because that license is really cheap. Normally Cisco licenses are expensive.
    Thanks and kind regards patrick

    If you don't have any AnyConnect Premium licenses, then you are restricted to two simultaneous connections if you don't have the AnyConnect Essentials license. And you are right, for i-devices (and Android and ...) you need the AnyConnect Mobile license.
    Both AnyConnect Essentials and AnyConnect Mobile are licensed per ASA and not per concurrent user/connection. And AnyConnect Mobile needs an AnyConnect Essentials or an AnyConnect Premium License to be activated.

  • 5505 and essentials license

    I have a 5505 that is on asa code version 8.0(4) and has security plus license. I would like to put the essentials license on it but I have read that the asa needs to be on code version 8.2 or above per this link:
    https://supportforums.cisco.com/docs/DOC-13424
    However, when I have ordered the licenses in the past they always come with 2 activation keys, one for 8.2 and above and one for below version 8.2. Here is what it says in the e-mail I get with the activation key:
    THE FOLLOWING ACTIVATION KEY IS VALID FOR:
    ALL ASA SOFTWARE RELEASES, BUT EXCLUDES ANY
    8.2+ FEATURES FOR BACKWARDS COMPATIBILITY.
    What are the features that are not included if the asa is on code versions earlier than 8.2?
    Thanks!

    Benjamin,
    The license is actually for versions earlier than 8.2.
    "ALL ASA SOFTWARE RELEASES, BUT EXCLUDES ANY 8.2+ FEATURES"
    So you can install it just fine if you are running 8.0.4
    Regards,
    Felipe.

  • Firewall Cisco ASA 5505 new interface license problem

    Hi
    I have one ASA 5505 with a Base License.
    The problem is that when I want to use a new named interface the system says "With current License maximum number of named interfaces allowed is 3. Name cannot be set for this interface"
    And the question is whether with this base license the interface cannot be used or only cannot be named?
    Here is the output of my firewall:
    Cisco Adaptive Security Appliance Software Version 8.2(5)
    Device Manager Version 6.4(5)
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
    0: Int: Internal-Data0/0    : address is e02f.6de6.7843, irq 11
    1: Ext: Ethernet0/0         : address is e02f.6de6.783b, irq 255
    2: Ext: Ethernet0/1         : address is e02f.6de6.783c, irq 255
    3: Ext: Ethernet0/2         : address is e02f.6de6.783d, irq 255
    4: Ext: Ethernet0/3         : address is e02f.6de6.783e, irq 255
    5: Ext: Ethernet0/4         : address is e02f.6de6.783f, irq 255
    6: Ext: Ethernet0/5         : address is e02f.6de6.7840, irq 255
    7: Ext: Ethernet0/6         : address is e02f.6de6.7841, irq 255
    8: Ext: Ethernet0/7         : address is e02f.6de6.7842, irq 255
    9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255
    Licensed features for this platform:
    Maximum Physical Interfaces    : 8        
    VLANs                          : 3, DMZ Restricted
    Inside Hosts                   : Unlimited
    Failover                       : Disabled
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 10       
    Dual ISPs                      : Disabled 
    VLAN Trunk Ports               : 0        
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled 

    Hi,
    With the Base License the ASA5505 has a limitation of 3 Vlan interfaces, of which 1 is also limited in access (shown by the above output mentioning DMZ Restricted).
    For an interface on the ASA to operate it must have a name, set with the command "nameif".
    If you already have 3 Vlan interfaces in use then with this license you won't be able to configure a 4th Vlan interface without getting a license that supports more interfaces. I guess that would be the Security Plus license.
    I know that this has come as a surprise to several users that have posted here on the forums. I too think that it's a needless "feature" in the ASA to limit the use of the device in such a way.
    - Jouni

  • ASA5510 Security Plus + Anyconnect Essentials = BASE?

    Recently upgraded a 5510 to Anyconnect Essentials and Anyconnect Mobile, the device was Security Plus and is now Base. Is it supposed to work this way? I lost my Gigabit interfaces. Is it possible to have Security Plus + Anyconnect Essentials?

    I'm sure this should be OK.
    I had a similar problem with an ASA 5505 that had been upgraded to Sec Plus and subsequently Anyconnect Mobile. TAC were able to sort it out very rapidly and issue the correct license file.

  • Cisco ASA 5505 AnyConnect SSL VPN problem

    Hi!
    I have a small network, with ASA 5505, 8.4:
    Inside network: 192.168.2.0/24
    Outside: Static IP
    I would like to deploy a SSL AnyConnect setup.
    The state:
    -I give the correct IP from my predefined VPN pool (10.10.10.0/24).
    But, could not reach any resource, could not ping too. My host has given 10.10.10.1 IP, and I had a GW: 10.10.10.2. Where is this GW from?
    Could you help me?
    Here is my config (I omitted my PUBLIC IP, and GW): 
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname valamiASA
    domain-name valami.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address MY_STATIC_IP 255.255.255.248
    interface Vlan12
    description Vendegeknek a valamiHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    management-only
    ftp mode passive
    clock timezone GMT 0
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name valami.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_valami_VPN internal
    group-policy GroupPolicy_valami_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    default-domain value valami.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group valami_VPN type remote-access
    tunnel-group valami_VPN general-attributes
    address-pool valami_vpn_pool
    default-group-policy GroupPolicy_valami_VPN
    tunnel-group valami_VPN webvpn-attributes
    group-alias valami_VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:d54de340bb6794d90a9ee52c69044753
    : end

    First of all, thanks for your link.
    I know your notes, but I don't understand 1 thing:
    if I check NAT exemption in the AnyConnect wizard, why should I make a NAT exemption rule?
    I tried creating a rule, but it is wrong.
    My steps (on ASDM):
    1: create network object (10.10.10.0/24), named VPN
    2: create nat rule: source any, destination VPN, protocol any
    Here is my config:
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname companyASA
    domain-name company.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address 77.111.103.106 255.255.255.248
    interface Vlan12
    description Vendegeknek a companyHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name company.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object network WEBSHOP
    host 192.168.2.2
    object network INSIDE_HOST
    host 10.100.130.5
    object network VOIP_management
    host 192.168.2.215
    object network Dev_1
    host 192.168.2.2
    object network Dev_2
    host 192.168.2.2
    object network RDP
    host 192.168.2.2
    object network Mediasa
    host 192.168.2.17
    object network VOIP_ePhone
    host 192.168.2.215
    object network NETWORK_OBJ_192.168.4.0_28
    subnet 192.168.4.0 255.255.255.240
    object network NETWORK_OBJ_10.10.10.8_29
    subnet 10.10.10.8 255.255.255.248
    object network VPN
    subnet 10.10.10.0 255.255.255.0
    object network VPN-internet
    subnet 10.10.10.0 255.255.255.0
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (any,any) source static any any destination static VPN VPN
    nat (inside,outside) source static inside-net inside-net destination static VPN VPN
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_company_VPN internal
    group-policy GroupPolicy_company_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelall
    default-domain value company.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    group-policy GroupPolicy_VPN internal
    group-policy GroupPolicy_VPN attributes
    wins-server none
    dns-server value 62.112.192.4 195.70.35.66
    vpn-tunnel-protocol ssl-client
    default-domain value company.local
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group company_VPN type remote-access
    tunnel-group company_VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_company_VPN
    tunnel-group company_VPN webvpn-attributes
    group-alias company_VPN enable
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_VPN
    tunnel-group VPN webvpn-attributes
    group-alias VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:33ee37a3722f228f9be9b84ef43f731e
    : end
    Could you give me a CLI-code?
    (or ASDM steps).

  • AnyConnect Essentials licensing on ASA5510 in HA

    Hi guys,
    Can someone help me with info regarding licensing.
    Got 2 pairs of HA  ASAs and didn't manage to find the answer - 2(per pair) or 4(for each one) licenses are needed.
    The ASAs are in Active/Standby mode.
    Just don't want to be in position if one of the ASAs fail the Anyconnect clients to lose functionality.
    Also is reboot required after entering the licenses?
    Thank you very much in advance.
    Regards,
    Nikolay

    Starting with ASA v8.3 the ASAs in HA don't need the same licenses. So you only need one AnyConnect Essentials per Cluster. But if you are running v8.2 or lower, you need one license per ASA.
    For the activation of AnyConnect Essentials, no reboot is required.

  • Strange Behavior for web deployment of Anyconnect essentials

    We've got a weird problem that has popped up and we've been unable to figure out what's going on.
    We have instructed our user community to start their VPN sessions by connecting to our ASA 5520 with a browser to download (if necessary) and initiate the Anyconnect essentials VPN client.  Everything was working fine until a few days ago.
    We have had several people report the same problem.  They connect with the browser, enter their login information and are greeted with our "authorized use only" message by the ASA.  Then, instead of downloading (if necessary) and starting the VPN client software, the web page just goes back to the login prompt without displaying any error message.  The client software is never downloaded or started.
    We've been able to work around this by installing the client software manually (where necessary) and starting the VPN client from the start menu.  However, this isn't our preferred solution because this method won't have them automatically picking up updated versions of the VPN client. 
    We have seen this behavior before when there was a pending Java update that had not been applied.  However, that doesn't seem to be the case this time.  Clients have recently updated to IE9, but I have personally been running the Anyconnect client and launching through IE9 for months.
    Any ideas about what's wrong or how to debug this?
    Thanks
    Patrick

    Hi Patrick,
    Ideally, when you have Anyconnect Essentials enabled on the ASA, you cannot get access to the Clientless VPN (Web Portal access to the internal resources) however the Web Launch of the Anyconnect client does work with it.
    I see that you have implemented this a different way (workaround) by manually installing the Anyconnect VPN clients on the machines and then trying to connect it to the ASA, which works and this means that configuration on the ASA for allowing the Anyconnect connection is correct. Now it is not allowing you to launch it from the web portal on machines which means the download access has been restricted somewhere on the ASA.
    Could you please follow these two steps and let me know if you see something different.
    1. Get access to the ASDM and follow this: Configuration>>Remote Access>>Anyconnect>>Edit the tunnel-group on which your connection is landing>>Login setting. Please check if it says go to the clientless portal or launch Anyconnect. It has to be Download Anyconnect automatically.
    2. If you are not getting the prompt for the username and password on the webportal then go to Configuration>>Remote Access>>Clientless (not sure if it is under Anyconnect or clientless, please check both) where you get option: shut down portal login on the main page. Please make sure that it is unchecked.
    In your case I see that the users are getting prompt for the username and password however when you authenticate yourself you are getting error message: authorized use only then it could be something to do with the DAP Policies (dynamic access policy).
    Go to the dynamic access policies and you will get an option named as Anyconnect (please check if the correct option is checked under the same). If multiple dap policies are configured then please check the dap policy which gets pushed when the user logs in and make changes to that specific dap policy.
    Please let me know if this helps, else I would request you to open a TAC request and we will look into this issue. If you find something different then please share here.
    Thanks,
    Vishnu Sharma

  • VLAN problems with SG200-8P and Cisco ASA 5505 (Sec Plus license)

    Hi,  I've been pulling my hair out trying to get simple vlan trunking working between these devices.
    Basically, no clients on VLAN 99 (guest) will receive DHCP ip addresses when plugged into the SG200.  I have the SG200<>ASA VLAN trunk configured correctly, as I know it, and I've tried numerous variations (set trunk as general tag/untagged, etc., set the ap port to general tag/untag, etc).   Both AP's work properly when connected to the ASA e0/3 port but either will only pull the "inside" VLAN dhcp address when connected to the SG200 switch
    VLAN 1 - inside (has separate dhcp scope assigned by ASA)
    VLAN 99 - guest (has separate dhcp scope assigned by ASA)
    SG200
    purpose
    ASA 5505 (Sec Plus license)
    purpose
    g2
    Trunk 1UP,99T
    Ubiquiti AP (VLAN 1 works, VLAN 99 does not
    g3
    Access port 99T
    vlan 99 does not work
    g8
    Trunk 1UP, 99T
    < Trunk between switch and ASA >
    Int e0/2
    switchport trunk allowed vlan 1,99
     switchport trunk native vlan 1
     switchport mode trunk
    Int e0/3
    switchport trunk allowed vlan 1,99
     switchport trunk native vlan 1
     switchport mode trunk
    Second ubiquiti AP
    Both VLAN 1 and VLAN 99 clients work properly

    Frustrated - yes.  Confused - maybe not as much, but I could have put some more effort into the overall picture.
    There are two VLANs (1 - native) and (99 - guest).   There is a trunk port between the SG200 and the ASA configured as 1-untagged 99 - tagged.    
    No clients connected to the SG200 on VLAN 99  are able to access the ASA VLAN 99 using either a static VLAN IP address or DHCP.   The problem occurs whether I configure the SG200 with an access port 99-tagged or Trunk port 1UP, 99T or general port 1U, 99UP or any combination thereof.
    Anything connected to the SG200 on the native VLAN works properly.
    Anything connected to the ASA VLANs (1 or 99) works properly
    I have not yet tried to see what the switch is doing with the VLAN tags but I suspect I have some mismatch with the Linksys/Cisco SG200 way of setting up a VLAN and how traditional Cisco switches work.
    I was hoping someone with a working SG200 - Cisco ASA setup could share their port/trunk/VLAN settings or perhaps point me in the right direction.
    SG200 g2 - trunk port (1UP, 99T) -- Access Point
    SG200 g2 - access port (99U)
    SG200 g8 - trunk port (1UP, 99T)  connected to ASA5505  e0/3  
    ASA5505 e0/3  (switchport trunk allowed vlan 1,99,  switchport trunk native vlan 1,  switchport mode trunk)
    Thanks,

  • Windows Server 2012 Used: Error Message from Windows 7 PC: Remote session was disconnected because there are no remote desktop license servers available to provide a license. Please contact the server administrator.

    We are using Windows Server 2012 Standard installed in a VMware virtual machine, and to access it we use the vSphere client. The Remote Desktop Connection service was already enabled and was working fine with user PCs / laptops connecting by remote desktop into the 2012 server, until it gave this error message whilst logging into the server: "Remote session was disconnected because there are no remote desktop license servers available to provide a license. Please contact the server administrator."
    We DON'T use Active Directory, we don't use a domain, and we are not looking to use one any time soon.
    I checked the RD Licensing Diagnoser and it says the grace period has expired and the licensing mode for the remote desktop session host server is not configured. I checked and found that the Remote Desktop Gateway had stopped; I tried to start it and it stopped again. I assume this is where the licensing part comes in to re-enable it.
    I have been trying to follow these articles online: http://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/ and http://www.concurrency.com/blog/rds8-add-a-licensing-server-2/#Install, but I cannot get into the overview part, because I think we have to be in AD DS for this, which we aren't. Is there a way around this for a non-domain / just standalone set-up? Is it a must / requirement that we be in a domain in order for Remote Desktop Connection to work?
    Also, we have Windows Server 2012 RDS CALs - 10 (software and licence key). Will the licence key work for the Windows 2012 Server Standard? We do not want to install the other Server mentioned which comes with a CAL / licence key, as it's time consuming to reinstall other programs. I have installed the server role service of Remote Desktop Licensing, which automatically installed the other associated services needed. In the RD Licensing Manager, the server had a red cross and I chose "Activate Server", following the Install Licences section of http://www.concurrency.com/blog/rds8-add-a-licensing-server-2/#Install, and I used the licence key of the CAL - 10 mentioned above. It stated I had successfully completed the install licences wizard and displayed: 10 Windows Server 2012 - RDS Per User CAL installed. In the RD Licensing Manager the server turned into a green tick and added the licence.
    I then tested the Remote Desktop connection from my PC and the same error message was there, and I checked the RD Licensing Diagnoser and the same error messages were there. I haven't restarted the services of Remote Gateway / the server itself; do I really need to reboot the server?
    Any advice / guidance would be very much appreciated, as this is an urgent matter.
    Thank you for your time.

    Hotfix Released here:
    http://support.microsoft.com/kb/2916846

  • Visual Age 3.5 and Weblogic Integration Kit (License Expired, please Contact BEA Systems Inc)

    Hi,
    I started to run the Weblogic Server on my machine yesterday and I suddenly got
    this error:
    "License Expired, Please Contact BEA Systems Inc"
    This is the message I got on the Visual Age Console:
    "Invalid BEA WLS Integration Kit License. Please cantact BEA"
    I was able to run Weblogic Server until the past 2 weeks. I tried to re-install
    the whole Visual Age 3.5 as well as the Integration Kit I downloaded from the
    Weblogic website and I still get the same problem. Can somebody help me with
    this? I haven't upgraded to 3.5.3 yet.
    Thanks
    Sameera

    Sameera,
    The Kit available from the BEA website is an evaluation version. You need to
    contact BEA Sales for a permanent license.
    Thanks,
    Nirav.
    Sameera Balay wrote:
    Hi,
    I started to run the Weblogic Server on my machine yesterday and I suddenly got
    this error:
    "License Expired, Please Contact BEA Systems Inc"
    This is the message I got on the Visual Age Console:
    "Invalid BEA WLS Integration Kit License. Please cantact BEA"
    I was able to run Weblogic Server until the past 2 weeks. I tried to re-install
    the whole Visual Age 3.5 as well as the Integration Kit I downloaded from the
    Weblogic website and I still get the same problem. Can somebody help me with
    this? I haven't upgraded to 3.5.3 yet.
    Thanks
    Sameera
    --
    Nirav Chanchani
    BEA Systems, Inc.

  • The serial number you entered has expired. This product cannot be licensed. Please contact Customer Support. Provide a serial number.

    I work for a University. We've purchased a few copies of Adobe Acrobat Pro XI boxed software. It's been working great all along. Now, it won't work at all. Error as follows:
    "The serial number you entered has expired. This product cannot be licensed. Please contact Customer Support. Provide a serial number."

    You need to do what it says... contact Adobe Customer Support. We can't help for two reasons (a) we are not Adobe staff (b) even if we were, we can't examine private serial numbers in a public forum.
    When you contact them, best to have all the paperwork from the original purchase in case there are difficulties with a supplier etc.

  • Error "The remote connection was disconnected because there are no Remote Desktop License Servers available to provide a license. Please contact the server administrator"

    Hi,
    I have been using Windows Server 2012 at my company and generally take remote access to this server. However, for the last few days, I have been receiving the error "The remote connection was disconnected because there are no Remote Desktop License Servers available to provide a license. Please contact the server administrator".
    My entire work has come to a halt because of this error, as all my applications are running on this server and remote access to them is needed for my regular requirements.
    I tried one of the solutions proposed at one of these forums, especially using gpedit.msc, but to no avail.
    Regards,
    Aditya

    Hi Aditya,
    Thank you for posting in Windows Server Forum.
    Agree with the words of armin; please verify that you have installed it correctly. Verify that the RDS Licensing service is running on the License Server. Verify that the client, the RDS server, and the license server can communicate by ensuring that Domain Name System (DNS) is configured correctly on each computer. You can run the ping command from each computer to each computer using the IP address, FQDN, and the NetBIOS name. If any of the ping commands fail, verify the DNS configuration on the network.
    In addition, you can also try the “GracePeriod” registry setting on this path (HKLM\System\CurrentControlSet\Control\Terminal Server\RCM) from this article.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Server 2012 + CALs License Clarifications

    Dear ALL,
    I need some clarifications on licensing to provide the appropriate solution to my customer.
    One of my customers purchased a Dell server with preloaded Windows Server 2012 OS (Standard Edition) from us (from my company) to replace the existing server, which has Windows Server 2003.
    Now the thing is, the customer wants to transfer/migrate their Server CALs and Terminal Server CALs of Server 2003 to Server 2012.
    But is it possible to transfer/migrate CALs from Server 2003 to 2012?
    If that is not possible, can I suggest installing Windows Server 2003 as a virtual OS in Hyper-V to use their existing CALs?
    And is any additional license required to use Server 2003 in Hyper-V?
    Expecting your valuable answer/solution.
    Thanks in advance.

    I would recommend contacting a Microsoft Licensing specialist to get details about your questions.
    Please note that Windows Server 2003 will not be supported soon. So, I would recommend upgrading to a higher OS whenever it is possible.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
