Feature License of ASA device in CCIE Sec v4.0
Managing
Feature Licenses:
Ø
A license specifies the options that are enabled
on a given ASA.
Ø
Version 8.4 and 8.6
License
Notes:::::
a)
AnyConnect Essentials:
AnyConnect Essential sessions include the
following VPN types:
·
SSL VPN
·
IPsec remote access VPN using IKEv2
This license does not support
browser-based (clientless) SSL VPN access or Cisco Secure Desktop. So activate
an AnyConnect Premium License.
b)
AnyConnect for Cisco VPN Phone:
Enables access from h/w IP Phones that have
built in AnyConnect Compatibility.
c)
AnyConnect for Mobile:
Like Windows Mobile
d)
AnyConnect Premium :
·
SSL VPN
·
ClientLess SSL VPN
·
IPsec remote access VPN using IKEv2
e)
AnyConnect Premium Shared
A shared license lets the ASA acts as a
shared license server for multiple client ASAs
f)
Botnet Traffic Filter:
Requires a Strong Encryption (3DES/AES)
License to download the dynamic DB
g)
Failover, Active/Active:
We can’t use ACTIVE/ACTIVE failover and
VPN, If we want to use VPN then use Active/Standby failover.
h)
Interface of All types, MAX:
The maximum number of combined interface;
for example , VLANs, Physical, Redundant , bridge group and EtherChannel
interfaces.
i)
IPS Module :
For failover pairs, both units need an IPS module license.
For failover pairs, both units need an IPS module license.
j)
Other VPN :
Other VPN sessions include the following
VPN types:
·
IPsec remote access VPN using IKEv1
·
IPsec site-to-site VPN using IKEv1
·
IPsec site-to-site VPN using IKEv2
This license is included in the Base License.
k)
UC Phone Proxy Sessions:
The Following applications use TLS proxy
session for their connections . Each TLS proxy session used by these
applications (and only these applications) is counted against the UC license
limit:
·
Phone Proxy
·
Presence Federation Proxy
·
Encrypted Voice Inspection
l)
VPN Load Balancing:
VPN load balancing requires a strong
Encryption (3DES/AES) License.
Information
About Feature License::
Ø A
license specifies the options that are enabled on a given ASA.
Ø It
is represented by an activation key that is a 160-bit (5 32-bit words or 20 bytes) value.
Ø This
value encodes the serial number (an 11 character string) and the enabled
features.
1) Preinstalled License (Base-License):
Ø
By default, Your ASA ships with a license
already installed.
2)
Permanent License:
Ø You
can have one permanent activation key installed .
Ø The
permanent activation key includes all licensed features in a single key.
Ø If
you also install time-based licenses, the ASA combines the permanent and
time-based licenses into a running license.
3)
Time-Based Licenses:
Ø In
addition to permanent licenses, you can purchase time-based license or receives
an evaluation license that has a time-limit.
4)
Shared AnyConnect Premium Licenses:
Ø
A shared license lets you purchase a large
number of AnyConnect Premium sessions and share the sessions as needed among a
group of ASAs by configuring one of the ASAs as a shared licensing server, and
the rest as shared licensing participants.
Obtaining
an Activation Key:::
# show
activation-key
#
activation-key <key> [activate|deactivate]
#reload
0 responses to “Feature License of ASA device in CCIE Sec v4.0”