5505 host license and VPN

tahequivoice
Level 2

From what I have read, the 10 host limit only allows 10 hosts access to the internet at any one time, but does not affect host connections over a VPN tunnel. However, I am seeing that connections are being blocked over a VPN tunnel.

Deny traffic for protocol 6 src inside:192.168.3.33/1104 dst outside:192.0.0.201/80 licensed host limit of 10 exceeded.

Is this correct? Should the ASA ignore VPN traffic when it comes to licenses for the internet?

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit.

1 Reply

andrew.prince
Level 10

Todd,

Although the remote VPN hosts are on the outside, they actually come in via VPN and are decrypted. Essentially they are inside hosts!

HTH