ASA 5505 License Issue

gagamboy15

Hi Guys,

We have an ASA5505 connected via Site-to-Site VPN. The problem is that the tunnel is disconnected at random times (intermittent). We have checked the privacy settings (edes-sha1.. etc) for both sides and all are OK.

Except for the logs that showed up in the ASA, and I think this might be the problem.

LAN -- Cisco ASA550 <-- internet --> Cisco ASA5505 -- LAN (Switch with 24 hosts) *here is where the logs showed up

4|Feb 03 2010 20:44:49|450001: Deny traffic for protocol 1 src outside:192.168.1.1/28629 dst inside:192.168.100.1/0, licensed host limit of 10 exceeded.


ASA5505# sh activation-key

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51

Licensed features for this platform:
Maximum Physical Interfaces  : 8        
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : 10       
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
VPN Peers                    : 10       
WebVPN Peers                 : 2        
Dual ISPs                    : Disabled 
VLAN Trunk Ports             : 0        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2      

This platform has a Base license.

The flash activation key is the SAME as the running key.

Do we have any solution for that? Thanks in advance and more power!

regards,

Gagamboy

Accepted Solutions

JORGE RODRIGUEZ

You have a Base license (10 user license limitation), which means 10 concurrent connections can traverse the firewall between inside and outside. You can see the concurrent connections count by issuing show local-host at the command line.

Depending on your budget you have three other choices to expand this limitation: use the ASA5505-50-BUN-K9 license, which allows for a 50 user licence, but you will be in the same spot if going over 50 concurrent connections from inside to outside, with no DMZ support and no Dual ISP support; or use ASA5505-UL-BUN-K9, which allows unlimited users, with no DMZ and no dual ISP support; and lastly ASA5505-SEC-BUN-K9, the Security Plus licence, with unlimited users, DMZ support etc. I suggest you use the Security Plus license to have unlimited users in addition to access to all the other features that the previous licenses don't have.

License specs

http://www.cisco.com/en/US/docs/security/asa/asa80/license/license80.html#wp86066

License specs and part numbers

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Regards

Jorge Rodriguez

Great! Thanks a lot for the info. Now, I know the solution for this problem.

dpmaynard

Actually, adding the Security Plus license to a base ASA5505-BUN-K9 does NOT increase the concurrent user count.  We own a few of the base units that we use at employee homes.  We are hitting the "10-user" limit (which is apparently a very misleading name) and we wanted to enable trunking so we could attach a WAP running with a separate VLAN/SSID for our WiFi phones.  We purchased and installed a Security Plus license upgrade on one of them.  It did eliminate the trunking/DMZ restrictions and raised the number of allowed VPN connections, but the concurrent user limit is still 10 users.

Apparently, you also need to purchase the UL license upgrade to raise the actual user count.  The product description for the Sec Plus upgrade (ASA5505-SEC-PL) is very misleading in some places.  I did find this official(?) description on one site:

Cisco ASA 5505 Security Plus license (provides stateless Active/Standby high availability, dual ISP support, DMZ support, VLAN trunking support, and increased session and IPSec VPN peer capacities)

The license products to upgrade the user count are: ASA5505-SW-10-50= or L-ASA5505-10-UL=.  Actually, when I ordered the SEC PLUS upgrade, Ingram said I had to order the non-spare part (without the "=" at the end) which cost more than the "spare" (with the "=").

-dpm
