Solved

ASA 5501 - Security Bundle License - how many concurrent users can access the internet?

Posted on 2008-06-13
9
2,043 Views
Last Modified: 2010-04-21
I have a ASA 5501 with the Security Bundle License...  How many concurrent users can access the internet?  I'm running ASA version 8.0.3 and ASDM 6.2.  
0
Comment
Question by:gopher_49
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21784141
ASA5505 max concurrent connections without S+ license is 10000

Source:
Cisco ASA 5500 Series Adaptive Security Appliances Models Comparison
http://cisco.com/en/US/products/ps6120/prod_models_comparison.html
0
 

Author Comment

by:gopher_49
ID: 21784163
Does this stand true for hosts on the inside interface accessing the internet?
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21784177
Connection count and hosts count are two separate entities. Each host can open many connections, however depending on your license you may be limited to 10, 50, or unlimited hosts. Host count is determined by the number of internal devices that have an open connection to the outside interface. You can enter the "show local" command to get an accurate report on the number of hosts currently with an open connection.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:gopher_49
ID: 21784197
gotcha...  I didn't purchase an additional license for concurrent connection counts...  I'm assuming I have a 10 concurrent license..  

I have another question that pertains to the subnet on the inside interface...  I can open a new question if needed...  The inside interface address is 10.0.0.1 255.255.255.0 (this was preconfigured on the old firewall).  When creating the nat (inside) 1 10.0.0.0 255.255.255.0 rule I originally entered in nat (inside) 1 10.0.0.1 255.255.255.0 .  It stripped the '1' off of 10.0.0.1.  It mentioned that the IP address and subnet was inconsistent...  Will this still work?
0
 
LVL 16

Expert Comment

by:btassure
ID: 21784783
If you do a show version it should tell you how many hosts you can have there. Otherwise it will tell you in "About-> About ASA" in ASDM and also from the system dashboard.
0
 

Author Comment

by:gopher_49
ID: 21785472
btassure,

the show version commmand show a total of 'unlimited' for inside hosts, however, to my knowledge that only pertains to the number of host connected to the switch.  This does not pertain to concurrent hosts to access the internet from the inside interface through the specified route.  The about asa menu shows the same information that the 'show version' command does...  I'm still not 100% sure to how many concurrent users can access the internet....  By default I think it's 10, however, the version 8 ASA os doesn't state this on the release notes....  
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21785688
In the show version command you should see an output as listed below. The "Inside Hosts" line is what describes the number of licensed hosts. This number will be 10,50, or unlimited. If unlimited there is no practical host limit other than the number connections licensed or that the hardware can handle. As explained, the inside host count is calculated based on the number of hosts on the interface connection with an active connection to the outside interface. If you have 30 computers, up to 10 can access the internet at any one time, the others would be unable to establish a connection until one of the 10 host slots are freed.
Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : 10
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 10
WebVPN Peers                 : 2
Dual ISPs                    : Disabled
VLAN Trunk Ports             : 0
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
 
This platform has a Base license.

Open in new window

0
 

Author Comment

by:gopher_49
ID: 21785716
I'm showing unlimited for the number of inside hosts....  I guess I'm good to go then...  When I purchased this 5505 they had a promotion on the security bundle that gave me extra VPN connections and other security interface options..   I think one being the ability to create virtual interfaces...  Anyway, I guess I'm good to go then...  My concern was that I have 15 hosts that will be accessing the internet at all times...  I was worried that if I delopyed it I would have problems with connectivity due to licensing..  If you're sure that the inside hosts represents how many inside hosts can access the internet then I'm good to go....

Thanks!
0
 

Author Closing Comment

by:gopher_49
ID: 31467140
I spit the points for the first solution sent me in the right direction and made me understand how the licensing works and the second solution proved it and clarified it for me.  Thanks for the great support...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router Security Commands. 2 67
Security considerations & assessment when enabling Cisco Wake-On-Lan 5 54
HP Storage and Cisco Nexus 4 74
CISCO WIFI 6 73
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question