cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18759
Views
5
Helpful
11
Replies

Cisco ASA 5510 VPN - 250 licenses?

david
Level 1
Level 1

I can't seem to find a clear answer on this.  I see that only 2 SSL VPN clients are included, but If I purchase an ASA 5510 (ASA5510-BUN-K9), am I allowed to use it as a VPN endpoint for up to 250 clients?  If so, is that a total of both "site-to-site" and "client" VPN's?             

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

For IPSec VPN (both site-to-site and remote access IPSec VPN client), there are no extra license required as it is included in the appliance.

For SSL VPN, there is default of 2 license, and if you require more than 2 SSL VPN Client connections, then yes, you would need to purchase extra license (either the AnyConnect Essentials license or the AnyConnect Premium license depending on what you need).

View solution in original post

11 Replies 11

Jennifer Halim
Cisco Employee
Cisco Employee

For IPSec VPN (both site-to-site and remote access IPSec VPN client), there are no extra license required as it is included in the appliance.

For SSL VPN, there is default of 2 license, and if you require more than 2 SSL VPN Client connections, then yes, you would need to purchase extra license (either the AnyConnect Essentials license or the AnyConnect Premium license depending on what you need).

Thanks.  So does that mean I can have 250 site-to-site tunnels and 250 remote users connected simultaneously or is it a combination of both, meaning anything after i.e., 125 site-to-site tunnels and 125 concurrent remote users would be capped?  I don't need that many users/tunnels, but I'd like to know the true limit for a planning and sales perspective.  Thanks!! 

Hi David,

Please check the link:

https://supportforums.cisco.com/message/3637206#3637206

Thanks,

Vishnu Sharma

Yes, you are correct. Total for both site-to-site and remote access vpn is 250. Anything after 250 will not connect.

here is the ASA model comparison for your reference:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Hi Jennifer,

 

can i use the below license part number for my site-to-site IPSEC VPN connectivity:

 

ASA5500-SSL-50

No extra license is required for site-to-site IPSec VPN.

The ASA5500-SSL-50 is only for SSL (AnyConnect VPN Client).

Thanks Jennifer for your prompt reply,

 

can u just explain in brief for site-to-site VPN, if i haven't require any license then how many site-to-site vpn i can configure in single device.

 

please give me little bit  different on SSL Essential & Premium license.

 

 

For site-to-site VPN, it depends on the model of ASA that you are using. Here is the model comparison for your reference:

http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/models-comparison.html

 

Please check out the number under "Site-to-site and IPsec IKEv1 client VPN user sessions"

In regards to SSL Essential and Premium license:

- Essential only supports SSL VPN full tunnel mode

- Premium supports all types of SSL VPN (client and clientless) as well as all the advanced feature.

Here is the URL for your reference:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/overview_c78-527488.html

 

Hope that helps.

Hi Jennifer

By reading the above feed, I learnt that I do NOT need to buy any "ASA5500-SSL-xxx" license on my ASA box if I just use "IPsec IKEv1 client VPN" for end users . Is that correct?

Then, what windows based IPSec client can I deploy for FREE? Can I still deploy Cisco Anyconnect client to my end users? Is the client free of charge?

 

Calvin

hi Calvin,

The IPSec IKEv1 client is included and no extra license is required.

For AnyConnect, the default is 2 Anyconnect Premium license, however, if you need to deploy AnyConnect full tunnel mode only client (for more than 2 users), you will need to purchase AnyConnect Essential license.

Hope that answers your questions.

Thanks Jennifer,

What desktop software I can deploy to end user laptop for the use of IPSec IKEv1?

 

Calvin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: