Sunday, December 6, 2020

Configure Cisco AnyConnect in ASA Multiple Context Mode

I tried the popular Beef Wellington (English meat pie) at Bread Street Kitchen Marina Bay Sands, which is owned by celebrity chef Gordon Ramsay. The dining experience was nice and had free bread while waiting for my order. The serving was generous and the meat was very tender (ordered medium rare). I strolled around Gardens by the Bay afterwards and noticed most of the attractions such as the Floral Fantasy, Flower Dome and Supertree Skyway would need pre-purchased online tickets (no more walk-ins) due to COVID-19 crowd control and physical distancing.

You'll first need to apply the AnyConnect Apex license (SKU/part L-AC-APX-LIC=) under the System context; it is a term-based subscription of 1, 3 or 5 years. The Apex license takes effect immediately and doesn't require a reboot. Also note the Total VPN Peers supported on the specific platform (in this case 2500 max VPN sessions), since that is the ceiling for what you can allocate to contexts.

 

You can't use the default AnyConnect Premium Peers license: trying to allocate the AnyConnect resource to a class displays a warning that an Apex license is required.

 

ciscoasa/pri/act(config)# class AnyConnect

ciscoasa/pri/act(config-class)# limit-resource VPN AnyConnect 4

WARNING: Multi-mode remote access VPN support requires an AnyConnect Apex license

 

ciscoasa/pri/act/admin# changeto system

ciscoasa/pri/act# show version

 

<OUTPUT TRUNCATED>

 

 

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 10             perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 2              perpetual   // ANYCONNECT APEX LICENSE

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual  

Total VPN Peers                   : 2500           perpetual   // TOTAL VPN SESSION SUPPORTED ON THE PLATFORM

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

Shared License                    : Disabled       perpetual

Total TLS Proxy Sessions          : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

Cluster Members                   : 2              perpetual

 

This platform has an ASA5545 VPN Premium license.

 

 

Failover cluster licensed features for this platform:   // ACTIVE-STANDBY FAILOVER PAIR

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 12             perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 4              perpetual   // 2x FROM ACTIVE FW + 2x FROM STANDBY FW

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual

Total VPN Peers                   : 2500           perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

Shared License                    : Disabled       perpetual

Total TLS Proxy Sessions          : 4              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

 

This platform has an ASA5545 VPN Premium license.

 

<OUTPUT TRUNCATED>

 

 

ciscoasa/pri/act# configure terminal

ciscoasa/pri/act(config)# activation-key 1c05d652 e83add97 3573e568 dcfc1234 07335678

Validating activation key. This may take a few minutes...

Both Running and Flash permanent activation key was updated with the requested key.

ciscoasa/pri/act(config)#

ciscoasa/pri/act(config)# show version

 

<OUTPUT TRUNCATED>

 

 

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 10             perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 2500           perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual

Total VPN Peers                   : 2500           perpetual

AnyConnect for Mobile             : Enabled        perpetual

AnyConnect for Cisco VPN Phone    : Enabled        perpetual

Advanced Endpoint Assessment      : Enabled        perpetual

Shared License                    : Disabled       perpetual

Total TLS Proxy Sessions          : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

Cluster Members                   : 2              perpetual

 

This platform has an ASA5545 VPN Premium license.

 

 

Failover cluster licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 12             perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 2500           perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual

Total VPN Peers                   : 2500           perpetual

AnyConnect for Mobile             : Enabled        perpetual

AnyConnect for Cisco VPN Phone    : Enabled        perpetual

Advanced Endpoint Assessment      : Enabled        perpetual

Shared License                    : Disabled       perpetual

Total TLS Proxy Sessions          : 4              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

 

This platform has an ASA5545 VPN Premium license.

 

<OUTPUT TRUNCATED>

 

 

Create a VPN resource class under the System context and allocate the number of AnyConnect licenses to it. You can split the AnyConnect resource across other resource classes, but make sure their combined total does not exceed the maximum VPN count the platform supports. Since this is the only context using AnyConnect, I gave it the full 2500 count with a burst of up to 1500.

 

ciscoasa/pri/act(config)# class AnyConnect 

ciscoasa/pri/act(config-class)# limit-resource VPN ?

 

class mode commands/options:

  AnyConnect  AnyConnect Premium license limit. These are guaranteed for a

              context and shouldn't exceed the system capacity when combined

              across all contexts.

  Burst       Burst limit over the configured limit. This burst limit is not

              guaranteed. The context may take this resource if it is available

              on the device at run time.

  Other       Other VPN sessions which include Site-to-Site, IKEv1 RA and L2tp

              Sessions. These are guaranteed for a context and shouldn't exceed

              the system capacity when combined across all contexts.

  ikev1       Configure IKEv1 specific resources.

 

ciscoasa/pri/act(config-class)# limit-resource VPN AnyConnect ?

 

class mode commands/options:

  WORD  Value of resource limit (in <value> or <value>%)

 

ciscoasa/pri/act(config-class)# limit-resource VPN AnyConnect 2500

ciscoasa/pri/act(config-class)# limit-resource VPN Burst AnyConnect 1500
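To verify the license change and sanity-check a resource-class plan before typing it in, here is an added Python example (not from the original post or from Cisco) that parses the two `show version` license lines that matter and applies the rules the `limit-resource VPN ?` help text states: guaranteed limits summed across classes must not exceed capacity, and burst is only what is left unallocated at run time. It also resolves `<value>%` limits, which the post does not use; the sample output is constructed from the values shown in the post, and the `apex_active` check is an assumption that mirrors the post's before/after numbers.

```python
import re
from dataclasses import dataclass

# Constructed samples using only the two 'show version' lines the checks need,
# with the values the post shows before and after applying the Apex key.
BEFORE = """AnyConnect Premium Peers          : 2              perpetual
Total VPN Peers                   : 2500           perpetual"""
AFTER = """AnyConnect Premium Peers          : 2500           perpetual
Total VPN Peers                   : 2500           perpetual"""

# feature name, ':', value column, term column (perpetual/...); trailing text ignored
LINE_RE = re.compile(r"^(?P<feature>[\w /-]+?)\s*:\s*(?P<value>\S+)\s+\w+")


def parse_licensed_features(text: str) -> dict:
    """Map each 'Licensed features' line to its value column (as a string)."""
    feats = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            feats[m.group("feature")] = m.group("value")
    return feats


def apex_active(feats: dict) -> bool:
    """Assumed check mirroring the post: the Apex key raises AnyConnect Premium
    Peers from the default 2 up to the platform's Total VPN Peers."""
    return feats.get("AnyConnect Premium Peers") == feats.get("Total VPN Peers")


def resolve_limit(value: str, total: int) -> int:
    """limit-resource accepts <value> or <value>% (percent of platform capacity)."""
    if value.endswith("%"):
        return total * int(value[:-1]) // 100
    return int(value)


@dataclass
class VpnClass:
    name: str
    anyconnect: str      # limit-resource VPN AnyConnect <value>  (guaranteed)
    burst: str = "0"     # limit-resource VPN Burst AnyConnect <value>  (not guaranteed)


def check_allocation(classes, total_peers: int) -> dict:
    """Sum the guaranteed AnyConnect limits and report the run-time headroom
    that any configured burst could actually draw on."""
    guaranteed = sum(resolve_limit(c.anyconnect, total_peers) for c in classes)
    return {
        "guaranteed": guaranteed,
        "within_capacity": guaranteed <= total_peers,
        "burst_headroom": max(total_peers - guaranteed, 0),
    }
```

With the post's own plan (2500 guaranteed on a 2500-peer platform) the headroom is 0, so the 1500 burst can only be used if sessions are freed, which is exactly what the help text means by "not guaranteed".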

 

 

Create a new directory (I named it shared). Still under the System context, create the new context, make it a member of the AnyConnect resource class, allocate its interfaces, and point it at the new storage with storage-url.

 

ciscoasa/pri/act(config)# mkdir shared

 

Create directory filename [shared]?

 

Created dir disk0:/shared

ciscoasa/pri/act(config)# context RA-VPN

Creating context 'RA-VPN'... Done. (1)

ciscoasa/pri/act(config-ctx)# member AnyConnect

ciscoasa/pri/act(config-ctx)#  description FOR ANYCONNECT RA VPN

ciscoasa/pri/act(config-ctx)#  allocate-interface GigabitEthernet0/0

ciscoasa/pri/act(config-ctx)#  allocate-interface GigabitEthernet0/1.50

ciscoasa/pri/act(config-ctx)#  config-url disk0:/RA-VPN.cfg

 

WARNING: Could not fetch the URL disk0:/RA-VPN.cfg

INFO: Creating context with default config

ciscoasa/pri/act(config-ctx)# storage-url shared disk0:/shared shared

 

 

Copy the AnyConnect image from the main flash (disk0:) into the new shared directory so the context can reach it through its storage label.

 

ciscoasa/pri/act(config)# copy disk0:/anyconnect-win-4.8.03052-webdeploy-k9.pkg disk0:/shared

 

Source filename [anyconnect-win-4.8.03052-webdeploy-k9.pkg]?

 

Destination filename [/shared/anyconnect-win-4.8.03052-webdeploy-k9.pkg]?

 

Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

 

<OUTPUT TRUNCATED>

 

 

ciscoasa/pri/act(config)# dir shared/

 

Directory of disk0:/shared/

 

107    -rwx  72771616     01:56:18 Oct 27 2020  anyconnect-win-4.8.03052-webdeploy-k9.pkg

 

 

Change to the new context and configure AnyConnect (webvpn) and the rest of the config there; the image is referenced through the storage label (shared:/) rather than disk0:.

 

ciscoasa/pri/act(config)# changeto context RA-VPN

ciscoasa/pri/act/RA-VPN(config)# webvpn

ciscoasa/pri/act/RA-VPN(config-webvpn)# enable outside

ciscoasa/pri/act/RA-VPN(config-webvpn)# anyconnect enable

ciscoasa/pri/act/RA-VPN(config-webvpn)# anyconnect image shared:/anyconnect-win-4.8.03052-webdeploy-k9.pkg 1