Solved

Cisco ASA 5505 - 10 user license problem

Posted on 2013-01-31
8
1,003 Views
1 Endorsement
Last Modified: 2013-01-31
Experts,

I am configuring a Cisco ASA 5505 with a 10 User license, any way around that?
From what I understand I can only get 10 hosts running traffic.

Can I purchase/upgrade to fix it?

Any suggestions are appreciated.
1
Comment
Question by:RandallVillalobos
  • 3
  • 3
  • 2
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38842119
Contact your Cisco reseller, there are 50 user and unlimited options.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Look at table #1
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 38842120
You can purchase add-on licenses to upgrade the allowable host count.
The only other way around this would be to remove the default gateway from all devices that don't actually need to use the firewall to access the internet or vpn resources. This method is great if you have 8 pc's and 5 printers because you can just remove the gateway on the printers and life is good.

Usually it's best to pony up and purchase a license and avoid the duct-tape network solution where you pick and choose who can touch the firewall and obtain the mystical host licenses.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38842126
To upgrade to 50 users the part number is ASA5505-SW-10-50=.

To upgrade to unlimited users the part number is ASA5505-SW-10-UL=.
0
 

Author Comment

by:RandallVillalobos
ID: 38842132
Thank you for the information, based on this I have the following questions:

1. If I have 50 users connecting from an outside/Internet location to my MailServer or Webserver, will it MAX OUT my 10 user license?  Or is the license only for Outbound (lan to internet) connections?

2. If I have a proxy server and a mail server, in good theory, I will only need 2 of the 10 users license.  Is this correct?

I am thinking of only allowing internet access to my PRoxy and my Mail Server, that way I do not need all the licensing.  (Assuming that Inbound-Internet connections do not count)

Reading the following link, it makes me believe that Inbound connections do not count:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/license.html#wp1141801

Thanks for any suggestions
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 38842185
Are you running in routed mode?  If so:

#1) If you have a web server and a mail server on your internal network that have active connections that would count as "2 users."  Does not matter how many IP addresses on the outside are talking to it.

#2)  Correct, if you only have two devices on the inside that access the Internet or are accessed from the Internet it is only "2 users."

If you are in bridged mode, then the side with the least number of IP address/hosts counts.
0
 

Author Comment

by:RandallVillalobos
ID: 38842387
Giltjr,

Newbie question...how do I know if the ASA is on router mode or bridge mode?

I have the Cisco ASA connecting to the internet, behind the firewall I have 1 flat network (LAN)

Thank you!
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38842433
The asa is in routed mode by default. In transparent mode, the config begins with "firewall transparent "
0
 

Author Closing Comment

by:RandallVillalobos
ID: 38842450
Thank you for all the help
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now