Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

Overcoming an ASA 10 User Limit

I have a client that has a phone system that links up with another client at another location.

Before making changes, the PCs and Tablets at my clients site were using a cable internet connection, and the VoIP phones were running through some sort of Point to Point connection.  The phone connection would drop and to get it back online, someone had to climb a tower and reset a relay (not fun).  To stop having to do this, my client contacted the other company and they said they could put in an ASA and use the cable connection that is there to go through the internet, rather than the buggy relay system (not sure exactly how it was setup or if I'm describing it correctly).

The problem is the ASA the other company put in (and billed my client an arm and a leg for) has a 10 user limit.  Since the site has 4 phones, 2 PCs, and 3 tablets that are all constantly connected,  there aren't many available connections for phones, laptops, or other devices on the network.  As devices connect, other devices go offline causing problems.

Without upgrading the ASA to accommodate more users or getting a separate Internet connection, do I have any options?  The ASA is only there to link to the other company for phones.

Could I do this:  Get another static IP from the ISP and separate the connection, 1 static going to the ASA that would have the phones connected and another to a different router for the local PCs and other devices?
0
pmitllc
Asked:
pmitllc
  • 2
  • 2
3 Solutions
 
Rob WilliamsCommented:
You can buy a Smart Net contract (support contract) and an upgrade license to allow 50 or unlimited users, priced accordingly.  The VPN limit will stay at 10 tunnels, but that is not currently an issue.

Though I recommend buying from a local Cisco partner who can explain options, pros, and cons, the following link is a sample of one option. (For ASA 55050)
http://www.newegg.com/Product/Product.aspx?Item=N82E16833422133

Locate a Cisco Partner:
https://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do
0
 
Ernie BeekExpertCommented:
What you could do is: set up a proxy. All machines that use the asa to connect to the internet (so all except the phones) will go behind the proxy. From the asa point of view it will only see the phones (4 hosts) and the proxy (1 host though there are a number of tablets and pc's behind it).
If those machine aren't connecting to the internet in a fancy way, that should do the trick.
0
 
pmitllcAuthor Commented:
I am having the other company get us a quote on either a new license or hardware.

I did look at the proxy option, but could not figure out how to run a wireless network through it.
0
 
Ernie BeekExpertCommented:
Wireless with separate IP range?
You could try VLANs (depending on your switching hardware),
or have a proxy with 3 NICs (one for each network).
0
 
Rob WilliamsCommented:
Depending on your network requirements you can also add a simple router between the existing router and LAN, however if you have any incoming traffic such as remote access, e-mail or web server, it complicates matters and if you have a VPN even more so.   For the few hundred dollars the license is probably worth it as it keeps it simple and you are not trying to thwart Cisco licensing.  For the record many commercial routers have licensing limits.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now