Solved

Cisco ASA 5505 - 10 user license problem

Posted on 2013-01-31
8
1,032 Views
1 Endorsement
Last Modified: 2013-01-31
Experts,

I am configuring a Cisco ASA 5505 with a 10 User license, any way around that?
From what I understand I can only get 10 hosts running traffic.

Can I purchase/upgrade to fix it?

Any suggestions are appreciated.
1
Comment
Question by:RandallVillalobos
  • 3
  • 3
  • 2
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38842119
Contact your Cisco reseller, there are 50 user and unlimited options.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Look at table #1
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 38842120
You can purchase add-on licenses to upgrade the allowable host count.
The only other way around this would be to remove the default gateway from all devices that don't actually need to use the firewall to access the internet or vpn resources. This method is great if you have 8 pc's and 5 printers because you can just remove the gateway on the printers and life is good.

Usually it's best to pony up and purchase a license and avoid the duct-tape network solution where you pick and choose who can touch the firewall and obtain the mystical host licenses.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38842126
To upgrade to 50 users the part number is ASA5505-SW-10-50=.

To upgrade to unlimited users the part number is ASA5505-SW-10-UL=.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:RandallVillalobos
ID: 38842132
Thank you for the information, based on this I have the following questions:

1. If I have 50 users connecting from an outside/Internet location to my MailServer or Webserver, will it MAX OUT my 10 user license?  Or is the license only for Outbound (lan to internet) connections?

2. If I have a proxy server and a mail server, in good theory, I will only need 2 of the 10 users license.  Is this correct?

I am thinking of only allowing internet access to my PRoxy and my Mail Server, that way I do not need all the licensing.  (Assuming that Inbound-Internet connections do not count)

Reading the following link, it makes me believe that Inbound connections do not count:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/license.html#wp1141801

Thanks for any suggestions
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 38842185
Are you running in routed mode?  If so:

#1) If you have a web server and a mail server on your internal network that have active connections that would count as "2 users."  Does not matter how many IP addresses on the outside are talking to it.

#2)  Correct, if you only have two devices on the inside that access the Internet or are accessed from the Internet it is only "2 users."

If you are in bridged mode, then the side with the least number of IP address/hosts counts.
0
 

Author Comment

by:RandallVillalobos
ID: 38842387
Giltjr,

Newbie question...how do I know if the ASA is on router mode or bridge mode?

I have the Cisco ASA connecting to the internet, behind the firewall I have 1 flat network (LAN)

Thank you!
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38842433
The asa is in routed mode by default. In transparent mode, the config begins with "firewall transparent "
0
 

Author Closing Comment

by:RandallVillalobos
ID: 38842450
Thank you for all the help
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPS for routing recomendations 3 50
Cisco ASA dns and browsing 20 33
Sonicwall SHA issue 4 27
Cisco IPSec lan to lan tunnel - encryption domain. 3 8
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question