ASA 5505 10 user limit

mickyq · ‎09-16-2013

Hi

Can anyone explain how the licences are used.

basically if I have 10 hosts connected does this mean they will be fine or does it mean 1 host can have 10 connections to outside addresses and the rest of the hosts cant connect to anything.

thanks

Jouni Forss · ‎09-16-2013

Hi,

Here is a quote from Cisco documentation regarding the ASA 5505 Licensing

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit.

See the show local-host command to view host limits.

Source:

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1450337

So as you can see, if you for example have a Base License ASA5505 with 3 Vlans (DMZ, Restricted) then you should be able to use 10 hosts behind your LAN and DMZ interfaces in total if they all need to access the Internet behind the WAN link. Host behind the WAN interface are not counted towards the 10 user limit.

Also the command mentioned in the above quote is a great way to keep track of the host limit.

Hope this helps

- Jouni