I need to get 400 users on the Internet with a pair of ASA5520's for high availability. If I get two 250 user models will this work? I figure that when both boxes are working each should have approx 200 users. If one fails then I understand all users will not be able to get on. However, when both are up I would like to have a total of 500 slots available. My concern is that somehow the A/A setup will limit me to the amount of user on one box which would be too low. If this is the case then I would have to purchase two 500 user models which may not be financially possible.
I guess I should have been more specific. I am looking at users but the user count is for the CSC-SSM module. Maybe that means that my plan for two 250 user ASA/CSC-SSM boxes will work since I am pretty sure that the CSC doesn't play a role in the A/A HA setup. What do you think?
Technically what you are saying sounds correct but look at the below question from the FAQ for CSC-SSM which you might find interesting.
Q. What is considered a "user"?
A. A user is an employee, contractor, or other regular worker that is protected by the product. For licensing and legal purposes, the CSC-SSM should be licensed for the total, not concurrent, number of users whose traffic is being scanned.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...