ASA max internal users

Unanswered Question
Feb 25th, 2008

Hi all,

anyone knows how's limit of the configurable internal users on an asa?

Is the nvram size the only limit or is there some other kind of limitation?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Mon, 02/25/2008 - 07:47

Hi Max

You can run "sh ver" and see "Inside Hosts". Usually, it is "Unlimited" in most of license types. This is license limitations

As configuration limitations, It actually depends on your concurrent traffic between interfaces. More translation sessions, routing, more CPU and NVRAM utilization. There are no certain limitations.


Massimo Baschieri Mon, 02/25/2008 - 11:08

Hi Huseyin,

I'm interested in configuration limitations, I can understand limitations due to nvram size, but I cannot understand limitations due to cpu utilitazion and active sessions.

What I exactly need to know is, provided that the nvram is big enought to host, lets say, 1000 vpn internal users on an Asa5010, is there any limitations other than the 250 max concurrent connections?

Exept for the exhaustion of the nvram, is there any other limit after that I simply cannot add any further user?



Massimo Baschieri Tue, 02/26/2008 - 08:37

Hi Huseyin,

if you are referring to the detail about "ipsec vpn peers" I'm pretty sure it has to read as "concurrent ipsec connections" as it historically refers to the active isakmp sa's.

Are you aware of the fact that they may match also with the max users configurable on the internal database, that is the running config?

In other words, are you saying that in an asa5510 you can configure 250 internal users then the 250 + 1 is not allowed to be entered even if the nvram is used only for the half of its room?




This Discussion