ASA SSL Licensing query

Hi,
We are planning on putting Active/Standby pairs of ASA CSC bundles at three of our sites. We would also like to use these pairs as SSL head end devices.
The question is whether we really need to purchase two sets of SSL licenses (and for that matter CSC user licenses) when only one device will ever be active in the proposed scenario?
I would be very grateful if anyone can clear this up as I have not been able to find anything definitive on Cisco's web or through their distribution channels.
Thanks
Richards

Hi Raj,
Thanks for the response,i was worried that this was the case. Are you totally sure, have you deployed a similar scenario?
We're looking at the 500 user license (list at $30k) so it is harsh that we need to purchase the license twice. I'm sure Cisco will rectity this over time though.
Thanks

Similar Messages

  • Asa ssl licensing

    We have a 5520 ASA with a 100 user ssl license. We need to increase this but 250 is overkill. Is there an option to just add 50 more licenses or do we have to go up to 250?
    Sent from Cisco Technical Support iPhone App

    That's right - the next level after 100 is 250. Please refer to this post for more details.

  • Ikev2 VPN without using a SSL license? (ASA-5512)

    Hi All,
    I've enabled Cisco "Anyconnect Premium Peers" for client less ssl vpn connections, the obvious catch is that for ikev2 Anyconnect sessions it wants to use up the SSL license pool instead of the IPSEC pool  (which I have lots of connection licenses for "Total VPN Peers : 250".
    * Is there any way to configure Anyconnect to connect via IPSEC and use an IPSEC license (while keeping the Anyconnect Premium Peers enabled)?
    * Do I have to consider 3rd party vpn clients, outside Anyconnect?
    cya
    Craig

    Remote-Access sessions with IKEv2 will always consume a Premium license. Changing to a different client won't help unless you change to a client that uses the legacy EasyVPN technology. But that shouldn't be the solution.
    If you enable AnyConnect Essentials, you can use AnyConnect with IPSec up to the platform-limit but you can't use the premium-features (like clientless) anymore at the same time.
    In a situation like that where lots of AnyConnect-Sessions were needed and only a couple of clientless sessions, I installed AnyConnectEssentials on the main ASA and deployed another ASA only for clientless VPN. Due to the high cost of the VPN-premium licenses it was much cheaper then buying Premium licenses for all VPN users.
    Sent from Cisco Technical Support iPad App

  • Upgrade SSL License for ASA5540

    Hi,
    I have ASA5540 with 1000 SSL-VPN License, then I would like upgrade from 1000 to 2000. Which part I have to add between
    L-ASA-SSL-1000=
    L-ASA-SSL-1K-2500=
    ASA5500-SSL-1000=
    Thanks,
    Pongsatorn

    SSL-VPN licenses are not additive. So if you want to move up from a 1000 user license, the next tier is 2500 users. The second SKU above is the correct part to order in that case.
    The first SKU is for 1000 users only (base AnyConnect Premium license for 1000 users). The third SKU is another way of packaging the same thing as the first one.

  • TN3270 Plugin / ASA SSL Portal

    Hi Guys, I'm working on the ssl portal of my company  and  we need to have an  3270 emulator available in it, Do you know if there is a tn3270 plugin for cisco asa ssl portal? or is there a workaround to make it work?
    Thanks in advance,
    Regards
    Oscar

    Hello,
    Regarding the plugin, Nop.. There are no that much available plug-ins.
    So you have to other options:
    1- Smart tunnel ( You do not need to have administrative rights over the remote system, you only need to have the application locally installed)
    2- Port-forwarding ( You do  need to have administrative rights over the remote system and have the application locally installed)
    If those does not fit your expectations I will go for a tunnel all vpn ( Anyconnect or Ipsec remote access)
    Hope I could help.
    Julio
    Do rate all the helpful posts

  • How to read the output of 'tarantella license query' command?

    I'm trying to track my license usage (to better determine when to buy new licenses, and to track usage over time).
    When I issue the 'tarantella license query command, this is typical of the output I see:
    [root@sgdserver ~]# /opt/tarantella/bin/tarantella license query
    License usage at: Mon Feb 11 14:03:53 EST 2008
    Type                In use / Total
    Base                6      / 230
    UNIX                4      / 230
    Mainframe           0      / 230
    Windows             0      / 230
    AS/400              0      / 230
    [root@sgdserver ~]#What is the above saying? Is it saying that I am using 10 licenses out of my 230, or am I just using 6 licenses? In other words, do I add up the numbers or just use the highest one? Or do I just have to worry about the 'Base' license number?
    Thanks.

    The base license is the number of users that are logged into a webtop.
    From there you count then connectivity type.
    So you have 6 webtop licenses out of 230 consumed and of those 4 users have launched UNIX sessions out of 230 you have licensed.
    hope this helps.

  • Yet Another ASA VPN Licensing Question :)

    I have a pretty good understanding of ASA VPN concepts, but not sure about this scenario.  Two questions regarding 5525 VPN SSL Anyconnect Premium Licensing.
    1.  Assuming we already own a ASA 5525-x with 750 Anyconnect Essentials and Mobile ( p/n ASA5525VPN-EM750K9 ) and want the ability for 200 Clientless (Anyconnect Premium) VPN connections, including mobile devices, what part number do I need?  
    2.  Assuming we do not yet own a ASA5525, but want the same 200 clientless VPN connections plus mobile device connectivity, what part number do I need?   I'm assuming this is correct  >>  ASA5525VPN-PM250K9
    Thanks!

    It's no problem - I sometimes look for an answer to a question myself and find my own 2 year old post explaining the answer. As long as I don't find my 2 week old answer, I'm OK with that. :)
    Anyhow, no there's not a SKU to upgrade Essentials to Premium. All the Premium upgrade SKUs are between Premium licensed user tiers (10-25, 25-50, 50-100 etc.).
    If you're a persuasive customer and make a strong case with your reseller they may be able to get a deal with Cisco outside the normal channels to get some relief as a customer satisfaction issue. That's very much a case by case thing though and not the normal fulfillment method.

  • Oracle 10g Licensing Query

    Hi,
    I have a query with regards to Oracle 10g licensing for additional options (OLAP, Data Mining, Partitioning, Spatial & Database Vault) on top of enterprise edition.
    Even though i am not using any of the options, i have them installed along with enterprise edition. Do i still need to pay for these additional options?
    From 10g, you can always prove to oracle that any of the features/options are not in use via DBA_FEATURE_USAGE_STATISTICS.
    We are using shared infrastructure for hosting many application databases. Today we have a application that uses only partitioning, but tommorrow we might have to create a database within the same oracle home that uses OLAP & data mining as well.
    would be interested in knowing what is oracle stand on this i.e. we pay for additional options only if we are using them or we pay just because they are installed regardless of we are using them or not??
    Thanks & Regards
    Chandar

    Chandark,
    You need to pay licenses if you are using it commercially and if it is installed and you haven't paid for it then how would you stop anyone not using it because its not paid but its there. This will be against your contractual agreement and they may fine you or you have to pay for the options. So I recommend not to install options you haven't paid for to avoid any issues. But if you are using for learning purpose and not commercial then you are good. You can further contact local Oracle Support or local Sales rep for more information
    Hope this helps, regards
    OrionNet

  • License query

    Hi,
    I have a query about licensing. This should be the realm of the suppliers, but I'm finding it hard to get an answer without going off and having a meeting wherein we commit to a purchase.
    I know most vendors with an "educational" license, allow this license for use in all non for profit applications (such as Microsoft). With the development license for Oracle being "free", what is the status of a "not for profit" license, for 11G database, if in fact such a thing exists?

    The latest signature release (as of this writing) is S600, released October 5, 2011.
    You need to be running E4 release of software to have these installed.
    See if you have S600 on your sensor (show ver), if you don't then you do not have automatic signature updates working without a valid license.(as expected)
    - Bob

  • SQL Server 2008 R2 Licensing Query

    Hi,
    If i have SQL Server 2008 R2 Enterprise License key for a single instance and I am installing all the shared features from the setup. Then is my license counted as being used or no?
    Or is it only used when i install Database Engine?
    Please mark the answer as helpful if i have answered your query. Thanks and Regards, Kartar Rana

    No, a separate license is not required for
    Management Tools.
    However, any device that has SQL Server tools or technologies installed must have a valid SQL Server license. 
    Hope this clears your question..
    Raju Rasagounder Sr MSSQL DBA

  • SAP Crystal Dashboard licensing query

    Hello All,
    We need to purchase Xcelsius license, SAP Accounts rep has provided following link for online store where I can see Departmental edition, Personal edition and dashboard viewing licenses.
    http://store.businessobjects.com/store/bobjamer/en_US/DisplayCategoryProductListPage/ThemeID.29254600/categoryID.57065800/parentCategoryID.57065700
    My question is we already have SAP BO premium 10 CPU licenses, we just need dashboard feature to be added on top of it. We need 3 dashboard developer licenses and a large audience should view the live dashboards.
    Please suggest which license should we go with, as per my understanding we dont require viewing license as we already have 10 CPU premium license with which we can use all the features.
    I know this query should be asked to the accounts rep but unfortunately I am not getting proper response from them and we need to purchase this ASAP.
    Any idea would be of great help.
    Thanks,
    Sohel

    Hi Sohel,
    I look after pricing and licensing for SAP BusinessObjects BI.
    BOE Premium does not provide for Xcelsius Dashboard viewing rights. BOE Premium includes Crystal Reports, Webi and OLAP Intelligence viewing rights. Xcelsius was acquired after the release of BOE Premium and it is an add-on to that license model.
    To view dashboards integrated with BO Premium, you will need the Xcelsius Interactive Viewing license.
    Note that this is a legacy license model. Current customers can purchase more of this but we have been positioning the BI Suite to new customers since 2011.
    -Blair

  • Oracle data lookup - Licensing query

    Hi,
    Not finding the right forum to post this query, so i hope the coffee shop folks can be helpful
    We are running SAP R/3 4.7 Enterprise with Oracle 9.2.0 as the backend database (on Windows Server 2003 OS).
    Our Oracle license is embedded with SAP i.e., not acquired separately.
    For business needs we intend to make read only queries to the backend database (Oracle database lookup) programmatically through Microsoft's SharePoint portal.
    For the access methods, one option is to use Business Data Catalog - BDC of sharepoint which queries the Oracle database directly (using xml).
    Would appreciate comments on whether this is authorized or we need any additional component / license?
    I have already noted the restrictions mentioned in note 581312, particularly point 3 which speaks about SAP provided Oracle license
    Thank you
    Zubair

    Hi Jurjen / Hi Matt
    Thanks for the responses. These have been very helpful
    A couple of followup thoughts:
    1. Actually, the current need i am trying to fill is to read the 'reports to' relationship from SAP so as to fill the manager field/attribute in the Sharepoint User profile. I understand that the right way to do this is through standard interfaces of SAP like RFC/BAPI with the authorization checks in place but unfortunately, my sharepoint developer is unable to use RFC with Business Data Catalog (xml based). Says only a database query is possible. Perhaps he is wrong and i am trying to confirm this. If you have any thoughts on it, please do share.
    2.
    >If I remember correctly even read only access can muck up the db statistics and so have an adverse effect on the applications.
    So this means, database performance logs such as ST02 & ST04 may show incorrect information and it might also have an adverse impact on performance right? or anything else too.
    Many thanks
    Regards,
    Edited by: Matt on Feb 4, 2010 1:49 PM - message restored, formatting fixed

  • Adobe licensing query

    I have installed Flash CS5 and Flash 8 on single computer system to frequently work on both softwares Hence, my query is that how many Flash licenses required to purchase to me to complain with adobe licensing?
    If I have purchased one Flash CS5 license then is it possible to use any old version of flash software on the same system which already have installed license Flash CS5?
    Please suggest!
    Thanks in advance

    Hi Sir,
    Thanks!
    Actually, I have tried to see in Adobe Software license Agreements but still not get this information in written form.
    But, Thanks you to clear my doubts.

  • VPN Licensing query

    Hi All,
    My company wants to place a Cisco Router on to a new lease line setup. With the requirement of
    1) 3 site-to-site VPN to directors.
    2) 30-40 client vpn from marketing team.
    3) MPLS to other branch office
    4) Also act as firewall.
    I've suggested placing a Cisco 2951-HSEC/K9. It says recommended no. of users upto 150 and for 2921 its 100. Some forums suggest VPNs are part of the HSEC incense.
    But am still not sure whether do I need to buy additional VPN licenses to cover-up all users or not. If yes, what kind of licenses shall we go for?
    We have found FL-SSLVPN25-K9 compatible VPN license pack for Cisco 29XX but can we also use IPSec VPNs as well if we buy this pack. If not is there a pack that give us options to use both technologies. Are these licenses one-off or yearly subscription?
    Also can Cisco 2921-HSEC/K9 do the job for us? We are use 1 LAN interface and 1 WAN along with HWIC ADSL for failover.
    Thanks in advance.
    Regards
    Kuldeep

    Hello Kuldeep,
    Not sure if you found the answer in the meantime. For site to site VPN, you would need the security packets but for SSL VPN, staring from 15.0(1)M, you need a separate license as well. This link will explain it in more details:
    http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ssl_vpn.html
    When it comes to the license, I can only see licenses for 25 and 100 users:
    http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985_ps10537_Products_White_Paper.html#wp9000798
    Warm Regards,
    Rose

  • ASA SSL trustpoints

    Hello,
    I have a scenario where a web server is hosted on the inside and users accessing to it through https are being authenticated first on the ASA( there is a certificated installed on the ASA for secure access)
    I want to add another web server and do the same setup, will I need a separate cetificate on the ASA( can I have multiple certificates for the same trustpoint knowing that I can assign only one trustpoint on the outside interface)
    What's the best practise?

    Yes you can assign the trustpoint to be used for SSL connections on the outside interface.
    A trustpoint contains the identity of a certificate authority, CA-specific configuration parameters, and an association with one enrolled identity certificate. You need one trustpoint to connect with the Citrix server. You can configure up to two trustpoints, each to be assigned to a different interface on the security appliance; however, you can assign a single trustpoint to two interfaces.

Maybe you are looking for

  • Starting logminer from java

    I want to start logminer tool from java To start logminer tool the first step is alter system set utl_file_dir='C:\oracle\product\10.2.0\logminer_dir' scope=spfile; shutdown immediate startup I am working on eclipse The alter command is executed, but

  • If I restore and update my old iPhone, will it mess up my iPhone 3G

    I have an iPhone 3G running 2.2.1 but still use my deactivated first generation iPhone more or less as an iPod Touch. If I update the software on the old phone to the 2.2.1 will it mess up the AT&T registration for my 3G phone during the setup proces

  • Covering letter

    hi, how to make the covering letter for cheque issue. i have to develep the same in abap programme, pleas elet me know, and send me the sample code for the same. thanks, sujatha Moderator Message: No! We do not give sample codes here!. Edited by: kis

  • DIO Port Config & DIO Port Write Block Diagram Errors (Call Library Function Node:libra​ry not found or failed to load)

    Hi Guys, need help on this. I have this LabVIEW program that used to work on the old computer. The old computer crashes most of the time, so I upgraded the computer and used its Hard Drive as slave to the new computer. I have no idea where are its in

  • Curious as to your table storage params

    Hi everyone, I'm a long time Oracle guy, first time poster to these forums! I'm just curious as to your table storage parameters. For instance, do you use settings such as initial 128k next 128k pctincrease 0 for production tables after analysis? Or