I saw that without large deployment add-on license the appliance can support up to 500 AAA client. Is that concurrent or total? E.g. customer might have 2000 AAA client but only 400 clients will authenticate. So in this case do I still need to buy the large deployment license?
Hello Karthik. Thanks for the reply. My local Cisco SE told me that the unique IP addresses is based on Network Access Device like switches or routers. It doesn't care how many laptop in customer environment that wants to authenticate with the ACS. Is that true?
Yes. That is true.... 500 limit is for number of aaa clients (devices like routers or switches) that you add as an aaa client...... it doesn't matter for the user database which you have in ACS.
say in you company if you have 800 devices and that you want to control with your ACS as TACACS+/Radius Server... then you need a top up license to add all 800 devices 2 it for authentication....
Also it calculates on unique IP address that we add for authentication..... if you mention a aaa client say router1/192.168.1.10/255.255.255.240 ... then it calculates as 16 devices added to it.... since we have subnet mask added in that way....
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...