VPN 3000 License

dianewalker · ‎10-31-2008

We have two VPN 3005 Concentrators. We setup as Load Balancing. I understand that each VPN Concentrator has a limit of 100 concurrent licenses. Does this license include IPSEC and site-to-site? How does VPN Concentrator count site-to-site license? Does it count the number of site-to-site connection or does it count the number of users connect to the site?

Thanks.

Diane

Farrukh Haroon · ‎11-04-2008

Each tunnel counts as one irrespective of the LAN users as long as you are using the default IPSEC settings. You can enable a separate tunnel for each flow (but that is not the default).

Regards

Farrukh

dianewalker · ‎11-04-2008

Thanks for your response. So, if I setup 10 site-to-site VPNs, it means I am using 10 licenses. How do I find out if I use default IPSEC settings on Site-to-Site?

Thanks.

Diane

Farrukh Haroon · ‎11-04-2008

The setting I was talking about is in the Tunnel >> IPSEC SA section. The default inheritance is 'From Rule'. Which means all LAN users are part of the same tunnel/session. If you change it to 'From Data' then each pair will have their own VPN session.

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/polmgt.html#wp1556802

10 VPNs would be counted as 10 yes AFAIK using the default inheritance setting.

Please rate if helpful.

Regards

Farrukh

dianewalker · ‎11-06-2008

Thanks very much for your response and information.

Do I need to change anything on Maximum Active Sessions if I want to use both IPSEC and site-to-site VPN? Configuration -> System -> General -> Sessions. The default is 100 on Maximum Active Sessions and 50 on Maximum Active WebVPN Sessions. I am not setting up the WebVPN.

Thanks.

Diane

Farrukh Haroon · ‎11-08-2008

No the defaults should be OK, they are based on the model.

Regards

Farrukh