Max # of VPN clients & site-to-site VPN tunnels simultaneously on ASA 5505

Answered Question
Aug 16th, 2012

Hi, I wanted to know the maximum VPN client sessions (using the Cisco VPN client) and Site-to-Site VPN tunnels that I can connect to my ASA 5505 simultaneously.


In other words, if I have x VPN clients and y Site-to-Site tunnels, at any time, does x + y have to be <= 10 (Total VPN Peers)? If yes, can I upgrade to the security plus license to increase the Total VPN Peers to 25?




Thanks, Sam


Licensed features for this platform:

Maximum Physical Interfaces    : 8

VLANs                          : 3, DMZ Restricted

Inside Hosts                   : Unlimited

Failover                       : Disabled

VPN-DES                        : Enabled

VPN-3DES-AES                   : Enabled

SSL VPN Peers                  : 2

Total VPN Peers                : 10

Dual ISPs                      : Disabled

VLAN Trunk Ports               : 0

Shared License                 : Disabled

AnyConnect for Mobile          : Disabled

AnyConnect for Cisco VPN Phone : Disabled

AnyConnect Essentials          : Disabled

Advanced Endpoint Assessment   : Disabled

UC Phone Proxy Sessions        : 2

Total UC Proxy Sessions        : 2

Botnet Traffic Filter          : Disabled


This platform has a Base license.

Overall Rating: 5 (2 ratings)
Correct Answer
Ramraj Sivagnan... Thu, 08/16/2012 - 08:51

Hi Bro

With the Cisco ASA 5505 Base License (Part Number: ASA5505-UL-BUN-K9) that you have currently, you can have a maximum of 10 IPSEC VPN tunnels (Remote Access VPN and Site-to-Site VPN) active, at any given time.


Note: This doesn’t affect the 2 SSLVPN Peers. This is a separate story/counting.


If you do need more than 10, then you could purchase the Cisco ASA 5505 Security Plus bundle license (Part Number: ASA5505-SEC-BUN-K9). With this, you can now have a maximum of 25 IPSEC VPN tunnels (Remote Access VPN and Site-to-Site VPN) active, at any given time.


Furthermore, if you do have the budget, you might wanna look into purchasing the Cisco ASA 5505 unlimited user with AIP SSC-5 and Security Plus License bundle (Part Number: ASA5505-U-AIP5P-K9) too. This IPS module greatly enhances firewall protection by blocking threats and network attacks, including worms, Trojans, viruses, and attacks against operating system and application vulnerabilities, with up to 75 Mbps of IPS throughput.




P/S: if you think this comment is useful, please do rate them nicely :-) and select the option “this question is answered”.

samiam12345 Thu, 08/16/2012 - 09:34

Just to add closure to the mathematical side of the question, x + y has to be <= 10 (Total VPN Peers), right?

Correct Answer
Ramraj Sivagnan... Thu, 08/16/2012 - 09:58

Yes bro. x + y has to be <= 10 (Total VPN Peers).




P/S: if you think this comment is useful, please do rate them nicely :-) and select the option “this question is answered”.

Wilson Gabriel ... Mon, 12/09/2013 - 14:11

Hello Ramraj


I have purchased an ASA 5512-X with these two items:


  1. ASA-VPN-CLNT-K9           QTY 1
  2. ASA-ANYCONN-CSD-K9   QTY 1


Can you explain to me what the function of each one is (Documentation), when we are talking about Remote Access VPN and Site-to-Site VPN?


When do I have to use each licence?


Regards


Wilson Veliz Plua

Ramraj Sivagnan... Mon, 12/09/2013 - 17:49

Hi Bro

Remote Access VPN and Site-to-Site VPN are deployed for different reasons.


Site-to-Site VPN is used when you’ve an HQ in one country, and branch offices worldwide, for example. Hence, you’ll configure Site-to-Site VPN to interconnect all these branch offices worldwide with your HQ. In most cases, you’ll use either a Router or a Firewall for this purpose. This is to allow the private IP Addresses in each branch office to communicate with the private IP Addresses in HQ.


Note: As you know, private IP Addresses cannot traverse through the Internet cloud, unless it’s a public IP Addressing scheme.


Meanwhile, Remote Access VPN is used when you want to access LAN resources in your office e.g. File Server, Email Server, Application Server, from your home or hotel. In this example only, you’ll use a VPN client software to establish a VPN tunnel with your office’s VPN server e.g. Router, Firewall etc.


Those days, Cisco VPN client (ASA-VPN-CLNT-K9) was famous but now it’s EOL. For this reason, Cisco urges all to opt for Cisco Anyconnect (ASA-ANYCONN-CSD-K9) instead.


Conclusion: Cisco Anyconnect and Cisco VPN client are examples of VPN client software used only in Remote Access VPN deployment.
