VPN 3000 License

Unanswered Question
Oct 31st, 2008
User Badges:

We have two VPN 3005 Concentrators. We setup as Load Balancing. I understand that each VPN Concentrator has a limit of 100 concurrent licenses. Does this license include IPSEC and site-to-site? How does VPN Concentrator count site-to-site license? Does it count the number of site-to-site connection or does it count the number of users connect to the site?

Thanks.


Diane

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Farrukh Haroon Tue, 11/04/2008 - 02:39
User Badges:
  • Red, 2250 points or more

Each tunnel counts as one irrespective of the LAN users as long as you are using the default IPSEC settings. You can enable a separate tunnel for each flow (but that is not the default).


Regards


Farrukh

dianewalker Tue, 11/04/2008 - 20:53
User Badges:

Thanks for your response. So, if I setup 10 site-to-site VPNs, it means I am using 10 licenses. How do I find out if I use default IPSEC settings on Site-to-Site?


Thanks.


Diane

Farrukh Haroon Tue, 11/04/2008 - 21:43
User Badges:
  • Red, 2250 points or more

The setting I was talking about is in the Tunnel >> IPSEC SA section. The default inheritance is 'From Rule'. Which means all LAN users are part of the same tunnel/session. If you change it to 'From Data' then each pair will have their own VPN session.


http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/polmgt.html#wp1556802


10 VPNs would be counted as 10 yes AFAIK using the default inheritance setting.


Please rate if helpful.


Regards


Farrukh

dianewalker Thu, 11/06/2008 - 14:04
User Badges:

Thanks very much for your response and information.


Do I need to change anything on Maximum Active Sessions if I want to use both IPSEC and site-to-site VPN? Configuration -> System -> General -> Sessions. The default is 100 on Maximum Active Sessions and 50 on Maximum Active WebVPN Sessions. I am not setting up the WebVPN.


Thanks.


Diane

Farrukh Haroon Sat, 11/08/2008 - 05:51
User Badges:
  • Red, 2250 points or more

No the defaults should be OK, they are based on the model.


Regards


Farrukh

Actions

This Discussion