AnyConnect Client Licenses

You can configure remote access VPN using the AnyConnect Client and standards-based IPSec/IKEv2.

To enable remote cccess VPN, you must purchase and enable one of the following licenses: AnyConnect Plus, AnyConnect Apex, or AnyConnect VPN Only. You can select AnyConnect Plus and AnyConnect Apex if you have both licenses and you want to use them both. The Any Connect VPN only license cannot be used with Apex or Plus. The AnyConnect Client license must be shared with the Smart Account. For more instructions, see http://www.cisco.com/c/dam/en/us/products/collateral/security/anyconnect-og.pdf.

You cannot deploy the remote access VPN configuration to the device if the specified device does not have the entitlement for a minimum of one of the specified AnyConnect Client license types. If the registered license moves out of compliance or entitlements expire, the system displays licensing alerts and health events.

While using remote access VPN, your Smart Account must have the export controlled features (strong encryption) enabled. The FTD requires strong encryption (which is higher than DES) for successfully establishing remote access VPN connections with AnyConnect Clients.

You cannot deploy remote access VPN if the following are true:

• Smart Licensing on the CDO is running in evaluation mode.

• Your Smart Account is not configured to use export-controlled features (strong encryption).