ASA 9.0 AnyConnect License Change

I have been looking at the new features in ASA 9.0. Two in particular that caught my eye were:

  • Allow up to eight ASA’s to be clustered
  • VPN and dynamic routing are now supported per context.

It is to be hoped that clustering, initially only available on the high-end boxes, becomes available on the smaller boxes sooner rather than later.

In the Q&A document I noticed the following:

Q. Is next generation encryption available on all ASA platforms?

A. No. Next Generation Encryption is fully supported on the ASA 5585-X, 5500-X Series, and 5580, as well as on the Catalyst 6500 Series ASA Services Module. It can only be partially supported on the ASA 5505, 5510, 5520, 5540, and 5550 due to hardware limitations. AnyConnect 3.1 or greater and an AnyConnect Premium License are also required to use next generation encryption for remote access connections.

If I read this correctly, AnyConnect with the previous generation encryption only needs an Essentials License. AnyConnect with the next generation encryption needs the much more expensive Premium License’.

The word ‘Sneaky’ springs to mind.

One thought on “ASA 9.0 AnyConnect License Change”

  1. A couple of caveats as well-

    EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.

    Site-to-site VPN tunnels are now supported in multiple context mode. (come on, no Anyconnect? seriously?)

Leave a Reply

Your e-mail address will not be published. Required fields are marked *