I have a VPN set up between 2 PIX 501s. I have multiple hosts on each network. For Cisco licensing purposes, does each host connecting through the VPN require a licence, or is the VPN seen as one licence regardless of the number of hosts establishing connections through it?
If so, the short answer is it would be seen as one VPN connection, and not be taken out of your connection license.
The above URL is a connection license, i.e. users traversing the PIX from the inside net to the outside (usually the Internet), as this would need to build a translation on the PIX.
The 501 supports only a max of 5 IPSec peers or tunnels. One tunnel is a combination of 1 IKE and 2 IPSec SAs. This corresponds to one ACL on your PIX VPN config. The more networks you have on your crypto ACL, the greater the number of tunnels, so be careful with the interpretation. One peer doesn't equate to 5 IPSec peers; it would depend on the number of SAs the peers would form.
To clarify... Network A is connected to network B via a VPN between 2 PIX 501s. If network A has 20 PCs wanting to connect to resources on network B via the VPN, will I require a fifty-user license, or is the VPN seen as 1 user only, so a 10-user license will do?
If a 50-user license is required and I put a router between the PIX and the PCs, does that make it a single connection so the 50-user license will no longer be required?