user license issues with ASA in A/A mode

Unanswered Question
Oct 30th, 2008

I need to get 400 users on the Internet with a pair of ASA5520's for high availability. If I get two 250 user models will this work? I figure that when both boxes are working each should have approx 200 users. If one fails then I understand all users will not be able to get on. However, when both are up I would like to have a total of 500 slots available. My concern is that somehow the A/A setup will limit me to the amount of user on one box which would be too low. If this is the case then I would have to purchase two 500 user models which may not be financially possible.

Any ideas of how this would work?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
guibarati Thu, 10/30/2008 - 10:49

The ASA is not licenced based on number of inside users accessing outside network.

You may be looking at VPN peers or Vlan number, which does not limit local users.

DIEGO ALONSO Thu, 10/30/2008 - 11:00

I guess I should have been more specific. I am looking at users but the user count is for the CSC-SSM module. Maybe that means that my plan for two 250 user ASA/CSC-SSM boxes will work since I am pretty sure that the CSC doesn't play a role in the A/A HA setup. What do you think?

ajagadee Thu, 10/30/2008 - 12:12


Technically what you are saying sounds correct but look at the below question from the FAQ for CSC-SSM which you might find interesting.

Q. What is considered a "user"?

A. A user is an employee, contractor, or other regular worker that is protected by the product. For licensing and legal purposes, the CSC-SSM should be licensed for the total, not concurrent, number of users whose traffic is being scanned.



*Pls rate if it helps*


This Discussion