Finally Got My Cisco ASA 5510 AnyConnect Essentials License
After waiting for several weeks for Cisco to fufill my license code order (for ASA-AC-E-5510) I finally got the code in an email today! Using the product authorization key to generate an activation key for my specific device was easy on the Cisco licensing web site.
I used the “activation key” command to plug it into my ASA 5510 and now I have the “AnyConnect Essentials” feature enabled when I do a “show ver”.
I never rebooted the device to activate the new license, however, I have not tested more than one user logged into it so I have no proof it works as of yet.
My ASA 5510 has been running the 8.2 code now for 26 days as my production corporate firewall without a hitch so I give it the thumbs up. I did have one hiccup while rebooting the box after uploading the 8.2 code, but I actually think that 8.0.4 crashed when I asked it to reboot, rather than the 8.2 code failing to come up properly (I was not on the console however when I did this so I really have no proof, I ended up power-cycling the box).
I do have to gripe that the AnyConnect client has had issues on my Windows Vista laptop a number of times, though According to Cisco this may be due to Windows bugs relating to sleeping my laptop (which I do multiple times a day). I get the dreaded “The vpn client driver has encountered an error” message.
Perhaps one other thing worth noting is that 8.2 created a new “coredumpinfo” folder on the internal flash file system with a file in it called coredump.cfg. This file seems to somehow update it’s timestamp every time you do a show run and so It messes up my RANCID process which grabs the config and file system directory listings every 30 minutes and diff’s them for me. This causes RANCID to email me every half hour with useless data that this file changed.
P.S. The AnyConnect Essentials license key for my ASA 5510 was only $108 from my CDW rep including shipping (which was email btw…)
-Eric
UPDATE 6/24/09:
I forgot to mention that I am running this 5510 with only the stock 256 megs of RAM without issue. There is reference in the release notes of possibly needing more RAM on that platform for 8.2 depending on what you are doing. My RAM utilization actually went down between 8.0.4 and 8.2, though I also made some config changes around the same time so YMMV.
Also, there is some reference in the ASDM GUI about needing to reboot after applying a new activation key so I may need to do that… Still have not tested it yet since my Vista laptop is being dumb.
Hi-
Thanks for writing this up! I’ve been looking into running a 5505 at my office, and a 5510 at our colo datacenter behind two 2821’s. I have a quick question though…Both the 5505 and 5510 support two AnyConnect users right out of the box, no? Do you know if that includes the AnyConnect client that runs on the iPhone?
Thanks!
The 5505 and 5510 have two “teaser” licenses of AnyConnect *premium* that has all the AnyConnect functionality. I have not personally used the AnyConnect client for the iPhone, but I am pretty sure it will work.
The AnyConnect Essential license you can buy for pretty much unlimited numbers of connections may or may not support the iPhone, again, I have not researched this or tried it.
If you find out more please post back here so others may find it in the future! Thanks!
-Eric
I do not beleive the iphone uses anyconnect. I’m pretty sure it uses traditional IPSEC-remote access technologies.
The RANCID bug that you’re seeing is documented. If you open a TAC case they will give you access to 8.2.1(3) which has fix coredump timestamp issue. And yes, built-in client for the iPhone uses the traditional IPSec RA method and subject to the VPN limitations of the platforms only. AnyConnect Essentials enables just the AnyConnect to the same platform limitations (i.e. 5510 w/250 tunnels).
-ryan
Ryan- Thanks for the info about the RANCID fix in that interim release. I have been waiting long enough at this point that I will probably just wait until they release the next dot revision (8.2.2 perhaps?) and upgrade then.
Thanks!
-Eric