Maximum VPN Sessions through ASA 5510 firewall

Unanswered Question
Jun 9th, 2009

Hi,

In our Organisation ASA 5510 firewall is configured for Ipsec VPN.

When i check the Maximum IPsec VPN sessions,it is showing as 50 thru command

VPN# sh vpn-sessiondb summary

Active Sessions: Session Information:

LAN-to LAN :0

Peak Concurrent : 50

Remote Access :37 Concurrent Limit : 50

WebVPN :0

WebVPN Limit : 50

Email Proxy :0 Cumulative Sessions : 12890

Total Active Sessions :37 Weighted Active Load : 37

Percent Session Load : 74%

As per above statistics can u briefly explain what is Concurrent Limit : 50,

Cumulative Sessions : 12890.

Here Concurrent sessions limit showing as 50 means only 50 Users can establish VPN connection? but as per Cisco ASA 5510 can establish 250 conections.Is there any License Issue?

Pls help me regarding?

Can u explain what will be the reasons to terminates the Connection establish,Is sessions limit is a resaon?

Pls help?

Tnks

Ramu

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Tue, 06/09/2009 - 10:24

Ramu,

Two possible reasons I can think of, one could be your firewall current license, is it base license or Sec Plus ? do show version to confirm is Sec Plus lincese.

or it could be asa code - perhaps a bug misreading the output.

Regards

RamuChichula Tue, 06/09/2009 - 19:59

Hi,

It is a Base License as per Sh Version.So is it Supports only 50 Ip sec VPN Connections?

Tnks

Ramu

RamuChichula Wed, 06/10/2009 - 21:31

Hi,

Pls have a look at the attachement of Version details of CiscoASA 5510 firewal which is using for VPN in our Organisation.Can we upgrade ASA5510 Version (7) to ASA 5510 version8.x,Is it effects more VPN sessions?

Kindly let me know?

Regards

Ramu

Attachment: 
JORGE RODRIGUEZ Thu, 06/11/2009 - 10:19

Hi Steven, indeed interesting seen this and Ramu's issue, I tried loading the 7.0.7 GD code off an offline asa5510 to see output.. but box is under sec plus license, I am suspecting is code restrictions than a marketing typo .

By running 7.0.7 GD code it knocked down 100 VPN peers bringing it down from 250 to 150 limit .

This output is under version 8.0.4

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 250

WebVPN Peers : 2

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

UC Proxy Sessions : 2

This platform has an ASA 5510 Security Plus license.

This output is under 7.0.7 same box

Cisco Adaptive Security Appliance Software Version 7.0(7)

Compiled on Fri 06-Jul-07 10:37 by builders

System image file is "disk0:/asa707-k8.bin"

Config file at boot was "startup-config"

DRhostasa5510PRI up 3 mins 33 secs

failover cluster up 3 mins 33 secs

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : ☻CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 001f.ca97.31e8, irq 9

1: Ext: Ethernet0/1 : address is 001f.ca97.31e9, irq 9

2: Ext: Ethernet0/2 : address is 001f.ca97.31ea, irq 9

3: Ext: Ethernet0/3 : address is 001f.ca97.31eb, irq 9

4: Ext: Management0/0 : address is 001f.ca97.31ec, irq 11

5: Int: Not used : irq 11

6: Int: Not used : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : 150

This platform has an ASA 5510 Security Plus license.

RamuChichula Sat, 06/13/2009 - 23:36

hi,

Tnks for your interest on this issue.

can we upgrade 5510 version 7.X to version 8.X,Is it support SSL VPN sessions.If supports how many connections it supports.

In ASA 5520 Version 8.X supports only 2 Webvpn and 750 Ipsec sessions ?

Tks

Ramu

RamuChichula Mon, 06/15/2009 - 04:07

Hi,

Adding above issue is 5510 version 7.0 supports SSL any connect vpn sessions for vista users

Regards

Ramu

RamuChichula Mon, 06/15/2009 - 21:08

Hi all,

How to configure WEBVPN service using ASA 5510 version 7.X server.?

Is ASA 5510 version 7.X supports Anyconnect client

Actions

This Discussion