If you have an ASA with 10 host licenses, and that ASA is a spoke in a lan-to-lan VPN, how do hosts that are talking across the VPN count? I know that NAT hosts that want to go to the internet count as a host, and the 11th host will get denied , but not in a very clear way (the connection just kind of hangs as if it can’t find it or that website is down). If a PC on the inside connects to a resource on the other side of the VPN, does that count as a host license as well, or is that different?
I have a 10 user ASA 5505 that has 16 devices behind at (as shown by DHCPD bindings), 7 of which are IP phones that MOST OF THE TIME only talk to the local voice server. However they sometimes get denied talking across the VPN to other devices, and clearing the VPN and re-establishing the VPN (clear cry isa sa) will usually fix this.
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.