Sunday, December 21, 2008

ASA code update - mobile AnyConnect

For those that are keeping track there was an interim release on Dec 5th for asa804-16-k8.bin plus as I noted before there is now an ASDM release of 6.1.5.51 or asdm-61551.bin which is compatible with Jave 6.10 or 6.11. There is one issue I have found with the newer ASA code, it does not appear to honor the global translation timeout settings. So if you have long flow sessions (big single tcp backup sessions that stay open forever for instance) then you can have some serious issues.

Also, is anyone else completely baffled as to why the ASA is requiring a separate mobile AnyConnect license, even if you already paid for SSLVPN licenses for the standard AnyConnect on the ASA? Seems like double dipping to me. At a minimum a free license extension should be offered to clients to get some mobile licenses based on the number of existing AnyConnect licenses you already own. Perhaps 2 mobile for every 10 SSLVPN? Cisco, you are just getting greedy on that one.

Happy New Year everyone.
- Ed