The first log message seems to indicate that the ASA5505 Licensed host limit has been reached.
The ASA5505 to my understanding has atleast 3 different levels of host licensing.
And of those to my understanding the 10 user limit is for the Base License unit, 50 user limit is sold separately for a Base License (or as a bundle) unit and Unlimited is either sold separately for a Base License unit (or as a bundle) or is included with a Security Plus license of the unit. I am not 100% sure about this but that is how I remember it.
The user licensing should work so that the hosts behind the interface holding the Default Route arent considered/counted towards this limit. Only users on your LAN interface or DMZ interface are counted towards this limit.
You should check the following commands output to get a clearer information of the current situation
View the license with
Show the amount of users counted towards the license limit
Look at the top part of the output.
Here is an example from my own home ASA5505 with Base License only
ASA# sh local-host
Detected interface 'WAN' as the Internet interface. Host limit applies to all other interfaces.
Current host count: 3, towards licensed host limit of: 10
There is also some bugs in the newer softwares that might cause problems even though the user limit is not reached.
The second log message you posted is simply the ASA denying traffic based on your ACL called "outside_access_in"
The [0x0, 0x0] at the end indicates that the traffic hits the Implicit Deny rule at the end. This rule doesnt show in the ACL but is the basic well known rule that means that all traffic that is not allowed in the ACL before the end of the ACL is blocked.
I dont see anything out of the ordinary in the log message.
But as I said the first one seems to indicate that you have reached the 10 user limit which would indicate you have a basic ASA5505 with Base License only
Have a look at this Cisco document about the ASA5505 Licensing/Bundle options
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :