Cisco Support Community
Community Member

5505 host license and VPN

From what I have read, the 10 host limit only allows 10 hosts access to the internet at any one time, but does not affect hosts connections over a VPN tunnel. However I am seeing that connections are being blocked over a VPN tunnel.

Deny traffic for protocol 6 src inside: dst outside: licensed host limit of 10 exceeded.

Is this correct? Should the ASA ignore VPN traffic when it comes to licenses for the internet?

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit.


Re: 5505 host license and VPN


Although the remote VPN hosts are on the outside, they actually come in via VPN and decrypted. Essentially they are inside hosts!


CreatePlease to create content