Max # of VPN clients & site-to-site VPN tunnels simultaneously on ASA 5505

Hi, I wanted to know the maximum VPN client sessions (using the Cisco VPN client) and Site-to-Site VPN tunnels that I can connect to my ASA 5505 simultaneously.

In other words, if I have x VPN clients and y Site-to-Site tunnels, at any time, does x + y have to be <= 10 (Total VPN Peers)? If yes, can I upgrade to the security plus license to increase the Total VPN Peers to 25?

Thanks, Sam

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 10
Dual ISPs                      : Disabled
VLAN Trunk Ports               : 0
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.


Re: Max # of VPN clients & site-to-site VPN tunnels simultaneous

Hi Bro

With the Cisco ASA 5505 Base License (Part Number: ASA5505-UL-BUN-K9) that you have currently, you can have a maximum of 10 IPSEC VPN tunnels (Remote Access VPN and Site-to-Site VPN) active, at any given time.

Note: This doesn’t affect the 2 SSLVPN Peers. This is a separate story/counting.

If you do need more than 10, then you could purchase the Cisco ASA 5505 Security Plus bundle license (Part Number: ASA5505-SEC-BUN-K9). With this, you can now have a maximum of 25 IPSEC VPN tunnels (Remote Access VPN and Site-to-Site VPN) active, at any given time.

Furthermore, if you do have the budget, you might wanna look into purchasing the Cisco ASA 5505 unlimited user with AIP SSC-5 and Security Plus License bundle (Part Number: ASA5505-U-AIP5P-K9) too. This IPS module greatly enhances firewall protection by blocking threats and network attacks, including worms, Trojans, viruses, and attacks against operating system and application vulnerabilities, with up to 75 Mbps of IPS throughput.

P/S: if you think this comment is useful, please do rate them nicely :-) and select the option “this question is answered”.

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department

Re: Max # of VPN clients & site-to-site VPN tunnels simultaneous

Just to add closure to the mathematical side of the question, x + y has to be <= 10 (Total VPN Peers), right?

Re: Max # of VPN clients & site-to-site VPN tunnels simultaneous

Yes bro.  x + y has to be <= 10 (Total VPN Peers).

P/S: if you think this comment is useful, please do rate them nicely :-) and select the option “this question is answered”.

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
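
The x + y <= Total VPN Peers rule confirmed above, as an added example that is not part of the original thread: a Python sketch that parses the "Licensed features" block of `show version` output and reports how many peers remain for a planned mix of VPN clients (x) and site-to-site tunnels (y). The sample text is constructed from the listing in the question, and the function names are hypothetical.

```python
import re

# Sample `show version` excerpt, constructed from the listing in the question.
SAMPLE = """\
Licensed features for this platform:
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : Unlimited
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 10
This platform has a Base license.
"""

LINE = re.compile(r"^(?P<name>[^:]+?)\s*:\s*(?P<value>.+?)\s*$")

def parse_licensed_features(text):
    """Return {feature name: int | bool | str} from the licensed-features block."""
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
            continue
        if not in_block or not line.strip():
            continue                      # skip preamble and blank lines
        m = LINE.match(line)
        if m is None:                     # "This platform has ..." ends the block
            break
        name, value = m["name"], m["value"]
        if value.isdigit():
            features[name] = int(value)
        elif value in ("Enabled", "Disabled"):
            features[name] = value == "Enabled"
        else:
            features[name] = value        # "Unlimited", "3, DMZ Restricted", ...
    return features

def vpn_peer_headroom(features, remote_access, site_to_site):
    """Peers left under the rule x + y <= Total VPN Peers (negative = over)."""
    if remote_access < 0 or site_to_site < 0:
        raise ValueError("session counts cannot be negative")
    limit = features.get("Total VPN Peers")
    if type(limit) is not int:
        raise KeyError("Total VPN Peers not found as a number in the output")
    return limit - (remote_access + site_to_site)

if __name__ == "__main__":
    lic = parse_licensed_features(SAMPLE)
    for x, y in [(6, 4), (8, 4)]:
        print(x, y, vpn_peer_headroom(lic, x, y))  # negative means over the limit
```

Running the parser against the output of a unit after a license upgrade shows the new ceiling without changing the check.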

Max # of VPN clients & site-to-site VPN tunnels simultaneously o

Hello Ramraj

I have purchased an ASA 5512-X with these two items:

  1. ASA-VPN-CLNT-K9           QTY 1
  2. ASA-ANYCONN-CSD-K9   QTY 1

Can you explain to me what the function of each one is (Documentation), when we are talking about Remote Access VPN and Site-to-Site VPN?

When do I have to use each licence?

Regards

Wilson Veliz Plua

Max # of VPN clients & site-to-site VPN tunnels simultaneously o

Hi Bro

Remote Access VPN and Site-to-Site VPN are deployed for different reasons.

Site-to-Site VPN is used when you’ve an HQ in one country, and branch offices worldwide, for example. Hence, you’ll configure Site-to-Site VPN to interconnect all these branch offices worldwide with your HQ. In most cases, you’ll use either a Router or a Firewall for this purpose. This is to allow the private IP Addresses in each branch office to communicate with the private IP Addresses in HQ.

Note: As you know, private IP Addresses cannot traverse through the Internet cloud, unless it’s a public IP Addressing scheme.

Meanwhile, Remote Access VPN is used when you want to access LAN resources in your office e.g. File Server, Email Server, Application Server, from your home or hotel. In this example only, you’ll use a VPN client software to establish a VPN tunnel with your office’s VPN server e.g. Router, Firewall etc.

Those days, Cisco VPN client (ASA-VPN-CLNT-K9) was famous but now it’s EOL. For this reason, Cisco urges all to opt for Cisco Anyconnect (ASA-ANYCONN-CSD-K9) instead.

Conclusion: Cisco Anyconnect and Cisco VPN client are examples of VPN client software used only in Remote Access VPN deployment.

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department