Solved

ASA 5501 - Security Bundle License - how many concurrent users can access the internet?

Posted on 2008-06-13
9
2,030 Views
Last Modified: 2010-04-21
I have a ASA 5501 with the Security Bundle License...  How many concurrent users can access the internet?  I'm running ASA version 8.0.3 and ASDM 6.2.  
0
Comment
Question by:gopher_49
  • 5
  • 3
9 Comments
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21784141
ASA5505 max concurrent connections without S+ license is 10000

Source:
Cisco ASA 5500 Series Adaptive Security Appliances Models Comparison
http://cisco.com/en/US/products/ps6120/prod_models_comparison.html
0
 

Author Comment

by:gopher_49
ID: 21784163
Does this stand true for hosts on the inside interface accessing the internet?
0
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21784177
Connection count and hosts count are two separate entities. Each host can open many connections, however depending on your license you may be limited to 10, 50, or unlimited hosts. Host count is determined by the number of internal devices that have an open connection to the outside interface. You can enter the "show local" command to get an accurate report on the number of hosts currently with an open connection.
0
 

Author Comment

by:gopher_49
ID: 21784197
gotcha...  I didn't purchase an additional license for concurrent connection counts...  I'm assuming I have a 10 concurrent license..  

I have another question that pertains to the subnet on the inside interface...  I can open a new question if needed...  The inside interface address is 10.0.0.1 255.255.255.0 (this was preconfigured on the old firewall).  When creating the nat (inside) 1 10.0.0.0 255.255.255.0 rule I originally entered in nat (inside) 1 10.0.0.1 255.255.255.0 .  It stripped the '1' off of 10.0.0.1.  It mentioned that the IP address and subnet was inconsistent...  Will this still work?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 16

Expert Comment

by:btassure
ID: 21784783
If you do a show version it should tell you how many hosts you can have there. Otherwise it will tell you in "About-> About ASA" in ASDM and also from the system dashboard.
0
 

Author Comment

by:gopher_49
ID: 21785472
btassure,

the show version commmand show a total of 'unlimited' for inside hosts, however, to my knowledge that only pertains to the number of host connected to the switch.  This does not pertain to concurrent hosts to access the internet from the inside interface through the specified route.  The about asa menu shows the same information that the 'show version' command does...  I'm still not 100% sure to how many concurrent users can access the internet....  By default I think it's 10, however, the version 8 ASA os doesn't state this on the release notes....  
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21785688
In the show version command you should see an output as listed below. The "Inside Hosts" line is what describes the number of licensed hosts. This number will be 10,50, or unlimited. If unlimited there is no practical host limit other than the number connections licensed or that the hardware can handle. As explained, the inside host count is calculated based on the number of hosts on the interface connection with an active connection to the outside interface. If you have 30 computers, up to 10 can access the internet at any one time, the others would be unable to establish a connection until one of the 10 host slots are freed.
Licensed features for this platform:

Maximum Physical Interfaces  : 8

VLANs                        : 3, DMZ Restricted

Inside Hosts                 : 10

Failover                     : Disabled

VPN-DES                      : Enabled

VPN-3DES-AES                 : Enabled

VPN Peers                    : 10

WebVPN Peers                 : 2

Dual ISPs                    : Disabled

VLAN Trunk Ports             : 0

AnyConnect for Mobile        : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled
 

This platform has a Base license.

Open in new window

0
 

Author Comment

by:gopher_49
ID: 21785716
I'm showing unlimited for the number of inside hosts....  I guess I'm good to go then...  When I purchased this 5505 they had a promotion on the security bundle that gave me extra VPN connections and other security interface options..   I think one being the ability to create virtual interfaces...  Anyway, I guess I'm good to go then...  My concern was that I have 15 hosts that will be accessing the internet at all times...  I was worried that if I delopyed it I would have problems with connectivity due to licensing..  If you're sure that the inside hosts represents how many inside hosts can access the internet then I'm good to go....

Thanks!
0
 

Author Closing Comment

by:gopher_49
ID: 31467140
I spit the points for the first solution sent me in the right direction and made me understand how the licensing works and the second solution proved it and clarified it for me.  Thanks for the great support...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now