64-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter64 Configuring IPsec and ISAKMP
Licensing Requirements for Remote Access IPsec VPNs
With IKEv1 policies, you set one value for each parameter. For IKEv2, you can configure multiple
encryption and authentication types, and multiple integrity algorithms for a single policy. The ASA
orders the settings from the most secure to the least secure and negotiates with the peer using that order.
This ordering allows you to potentially send a single proposal to convey all the allowed transforms
instead of sending each allowed combination as with IKEv1.
Licensing Requirements for Remote Access IPsec VPNs
The following table shows the licensing requirements for this feature:
Note This feature is not available on No Payload Encryption models.
Model License Requirement1
ASA 5505 IPsec remote access VPN using IKEv2 (use one of the following):
AnyConnect Premium license:
Base license and Security Plus license: 2 sessions.
Optional permanent or time-based licenses: 10 or 25 sessions.
Shared licenses are not supported.2
AnyConnect Essentials license3: 25 sessions.
IPsec remote access VPN using IKEv1 and IPsec site-to-site VPN using IKEv1 or IKEv2:
Base license: 10 sessions.
Security Plus license: 25 sessions.
ASA 5510 IPsec remote access VPN using IKEv2 (use one of the following):
AnyConnect Premium license:
Base and Security Plus license: 2 sessions.
Optional permanent or time-based licenses: 10, 25, 50, 100, or 250 sessions.
Optional Shared licenses2: Participant or Server. For the Server license, 500-50,000 in
increments of 500 and 50,000-545,000 in increments of 1000.
AnyConnect Essentials license3: 250 sessions.
IPsec remote access VPN using IKEv1 and IPsec site-to-site VPN using IKEv1 or IKEv2:
Base license and Security Plus license: 250 sessions.