what ASA of PIX users mean

mohamedzidan · ‎07-29-2007

in the ASA specs there is number of users ( in the ASA5505 = 10), what these users indicates, is it the total users can login to the ASA at the same time? plz help

Jon Marshall · ‎07-29-2007

Hi

I'm assuming you are referring to these figures ?

Feature Description

Firewall throughput Up to 150 Mbps

VPN throughput Up to 100 Mbps

Concurrent sessions 10,000/25,000*

IPsec VPN peers 10; 25*

What this means is that you can have 10 at most VPN connections (25 with Security plus license). These VPN connections can be a mixture of site-to-site VPN & remote access VPN's but in total they must not exceed 10.

For non-vpn use the ASA5505 supports 10,000 concurrent connections or 25,000 with the Security Plus license. So you can support up to 25,000 separate connections at any one time.

HTH

Jon

mohamedzidan · ‎07-29-2007

jon

thanks for answer, but not this what i mean, see ASA5505 specs below:

Cisco ASA 5505 10 User Firewall Edition Bundle

Includes: 10 users, 8-port Fast Ethernet switch with 2 Power over Ethernet ports,

10 IPSec VPN peers, 2 SSL VPN peers, Triple Data Encryption.

i mean what 10 users mean in the begining.

froggy3132000 · ‎07-29-2007

That means 10 inside hosts are permitted.

mohamedzidan · ‎07-30-2007

Thanks froggy

But do you mean only 10 inside hosts can work behind the ASA?!!

Sorry, but I guess this is not correct because with Nat concept that used by the ASA can serve more than 10

Danilo Dy · ‎07-29-2007

10 is the maximum IPSEC site-to-site and remote access VPN user sessions.

The 2 SSL VPN remote access that included is for evaluation and remote management purposes.

mohamedzidan · ‎07-30-2007

medan

thanks for answer, but not this what i mean, see ASA5505 specs below:

Cisco ASA 5505 10 User Firewall Edition Bundle

Includes: 10 users, 8-port Fast Ethernet switch with 2 Power over Ethernet ports,

10 IPSec VPN peers, 2 SSL VPN peers, Triple Data Encryption.

i mean what 10 users means in the begining.

rajatsetia · ‎07-30-2007

I think this is the number of concurrent ssl/ipsec vpn users (client to site vpn).

see if this url is useful for your reference

http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd80402e3f.html#wp9000021

rgds

Danilo Dy · ‎07-30-2007

***Cisco ASA 5505 10 User Firewall Edition Bundle

- Is the description of the bundle in which "10 User" means includes 10 user license

remote access IPSec VPN

***Includes

- This are the feature/modules included in the bundle in more detail.

- The "10 users" is again 10 user license remote access IPSec VPN

- The "10 IPSec VPN peers" is the maximum site-to-site IPSec VPN

- The "2 SSL VPN peers" is for evaluation and remote management purposes

- "Triple Data Encryption" is also known as IPSec 3DES which indicates IPSec 3DES license

h.parsons · ‎07-30-2007

This talks about the Pix line but I think it is the same for the ASA's:

User Licenses

Cisco PIX 501 Security Appliances, a popular security solution for Small Office/Home Office network environments, support User Licenses. This license controls how many internal users (located on the inside network of a Cisco PIX Security Appliance) that can concurrently access the Internet, or other resources through the outside interface of the appliance. Supported license levels include: 10 users, 50 users, and unlimited users. Cisco Systems provides three different pre-configured bundles of the Cisco PIX 501 Security Appliance, making it easy for businesses to purchase an appliance with the appropriate User License installed. Businesses can upgrade from one User License level to another, as their needs grow, by purchasing the appropriate User License upgrade part number.

srue · ‎07-30-2007

I think it's the number of users allowed to make outbound connections through the pix/asa. the number of VPN users is not included in this number.

If you have a 10 user license, once 10 inside hosts initiate outbound connections, the 11th host will fail. This has nothing to do with internal hosts communicating among one another.

typing this makes me wonder if having an internal proxy server would be one way to bypass this restriction. hrmm.....

mohamedzidan · ‎07-30-2007

thanks very much h.parsons