We have an ASA5505 connected via Site-to-Site VPN, problem is the tunnel is disconnected at random time (intermittent), we have check the privacy settings (edes-sha1.. etc) for both sides and all are Ok.
Except for the logs that showed up in ASA and I think this might be the problem.
LAN -- Cisco ASA550 <-- internet --> Cisco ASA5505 -- LAN (Switch with 24 hosts) *here where the logs showed up
4|Feb 03 2010 20:44:49|450001: Deny traffic for protocol 1 src outside:192.168.1.1/28629 dst inside:192.168.100.1/0, licensed host limit of 10 exceeded.
ASA5505# sh activation-key
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has a Base license.
The flash activation key is the SAME as the running key.
Do we have any solution for that? Thanks in advance and more power!
You have Base license (10 user license limitation) which means 10 concurrent connection can travers the firewall between inside and outside, you can see concurrent connections count by issuing show local-host at command line .
Depending on your budget you have three other choices to expand this limitation , use ASA5505-50-BUN-K9 license allows for 50 user licence but you ill be in the same spot if going over 50 concurrent connections from inside to outside no DMZ support no Dual ISP support , or use ASA5505-UL-BUN-K9 .. allows unlimited users no DMZ no dual ISP support.. and lastly ASA5505-SEC-BUN-K9 security plus licence.. unlimited users , with DMZ support etc.. I suggest you use Security Plus license to have unlimited in addition to access all other features that previous license don't have.
License specs and part numbers