Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
2
Replies

[ASA 5505] VPN/Host License

Carlos A. Silva
Level 3
Level 3

‎11-09-2010 09:47 AM

Hi, I have the following:

Licensed features for this platform:
Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : 10       
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10       
WebVPN Peers                : 2        
Dual ISPs                   : Disabled 
VLAN Trunk Ports            : 0  

I would like to ask about exceeding license limits and the interaction between those license limits.

1.- What happens when I exceed the VPN Peer Maximum? Does the tunnel come up, but ASA denies traffic or it doesn't come up at all?

2.- Does the Inside host limit have any effect on the VPN Peer Maximum? That is if I bring up a RA tunnel (count VPN User =1) would I have access to 10 Inside hosts only (while those hosts get to browse the Internet for example)? If i bring up a second tunnel (VPN User =2), will those 10 Inside hosts be active for the second tunnel remote access user? I'm assuming that the outside user number has no limit, inside ip addresses will be limited to 10, correct?

Thanks in advance!

c.

Labels:
0 Helpful
2 Replies 2

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-09-2010 10:35 AM

Hi,

1. I'm not sure about this one. I think that the tunnel won't come up at all.

2. The inside host limited is totally unrelated to the VPN peer max. The inside host limit applies only to inside hosts trying to get through the ASA.

You can increment the amount of local-host connections through or the VPN max. without affecting the other.

Federico.

0 Helpful

Carlos A. Silva
Level 3
Level 3
In response to Federico Coto Fajardo

‎11-09-2010 10:39 AM

Thanks, Federico. I thought so (about Q#2). Let's see if someone can shed some light into Q#1.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents