what ASA of PIX users mean

Unanswered Question
Jul 29th, 2007

in the ASA specs there is number of users ( in the ASA5505 = 10), what these users indicates, is it the total users can login to the ASA at the same time? plz help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sun, 07/29/2007 - 04:46

Hi

I'm assuming you are referring to these figures ?

Feature Description

Firewall throughput Up to 150 Mbps

VPN throughput Up to 100 Mbps

Concurrent sessions 10,000/25,000*

IPsec VPN peers 10; 25*

What this means is that you can have 10 at most VPN connections (25 with Security plus license). These VPN connections can be a mixture of site-to-site VPN & remote access VPN's but in total they must not exceed 10.

For non-vpn use the ASA5505 supports 10,000 concurrent connections or 25,000 with the Security Plus license. So you can support up to 25,000 separate connections at any one time.

HTH

Jon

mohamedzidan Sun, 07/29/2007 - 09:50

jon

thanks for answer, but not this what i mean, see ASA5505 specs below:

Cisco ASA 5505 10 User Firewall Edition Bundle

Includes: 10 users, 8-port Fast Ethernet switch with 2 Power over Ethernet ports,

10 IPSec VPN peers, 2 SSL VPN peers, Triple Data Encryption.

i mean what 10 users mean in the begining.

mohamedzidan Mon, 07/30/2007 - 01:22

Thanks froggy

But do you mean only 10 inside hosts can work behind the ASA?!!

Sorry, but I guess this is not correct because with Nat concept that used by the ASA can serve more than 10

Danilo Dy Sun, 07/29/2007 - 22:30

10 is the maximum IPSEC site-to-site and remote access VPN user sessions.

The 2 SSL VPN remote access that included is for evaluation and remote management purposes.

mohamedzidan Mon, 07/30/2007 - 01:17

medan

thanks for answer, but not this what i mean, see ASA5505 specs below:

Cisco ASA 5505 10 User Firewall Edition Bundle

Includes: 10 users, 8-port Fast Ethernet switch with 2 Power over Ethernet ports,

10 IPSec VPN peers, 2 SSL VPN peers, Triple Data Encryption.

i mean what 10 users means in the begining.

Danilo Dy Mon, 07/30/2007 - 06:50

***Cisco ASA 5505 10 User Firewall Edition Bundle

- Is the description of the bundle in which "10 User" means includes 10 user license

remote access IPSec VPN

***Includes

- This are the feature/modules included in the bundle in more detail.

- The "10 users" is again 10 user license remote access IPSec VPN

- The "10 IPSec VPN peers" is the maximum site-to-site IPSec VPN

- The "2 SSL VPN peers" is for evaluation and remote management purposes

- "Triple Data Encryption" is also known as IPSec 3DES which indicates IPSec 3DES license

h.parsons Mon, 07/30/2007 - 04:19

This talks about the Pix line but I think it is the same for the ASA's:

User Licenses

Cisco PIX 501 Security Appliances, a popular security solution for Small Office/Home Office network environments, support User Licenses. This license controls how many internal users (located on the inside network of a Cisco PIX Security Appliance) that can concurrently access the Internet, or other resources through the outside interface of the appliance. Supported license levels include: 10 users, 50 users, and unlimited users. Cisco Systems provides three different pre-configured bundles of the Cisco PIX 501 Security Appliance, making it easy for businesses to purchase an appliance with the appropriate User License installed. Businesses can upgrade from one User License level to another, as their needs grow, by purchasing the appropriate User License upgrade part number.

srue Mon, 07/30/2007 - 04:27

I think it's the number of users allowed to make outbound connections through the pix/asa. the number of VPN users is not included in this number.

If you have a 10 user license, once 10 inside hosts initiate outbound connections, the 11th host will fail. This has nothing to do with internal hosts communicating among one another.

typing this makes me wonder if having an internal proxy server would be one way to bypass this restriction. hrmm.....

Actions

This Discussion