Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN License for Dyn VPN

Hi All,

I have to create dynmaic VPN on our multicontext firewall ASA 5510 with 250 VPN license.This Firewall will have statically assigned ip address and ten hub sites will obtain ip address dynamically from ISP.

My question is how many VPN license will be utilsed on my firewall 10 or one, ? because there will be only one dynamic VPN entry on FW.

Any suggusetion will welcome.


Super Bronze

VPN License for Dyn VPN


I have not tested myself yet but to me it seems that you will have to be using some new 9.x series software to even have support for VPNs in Multiple Context Mode.

I also presume that you will actually have to allocate VPN session limits to a Security Context for it to be able to use VPN connections.

Also an ASA running in Multiple Context Mode should only support L2L VPN connections. I am not sure if there is any limitations regarding what type of L2L VPN you can configure. I mean if there is any limit regarding using a Dynamic Map as yours would need. Atleast the Command Reference states that the command is supported in Multiple Context Mode so it would seem to be possible.

I guess the limitation regarding VPN Client connections in Multiple Context Mode prevents you from configuring a "tunnel-group" that is of the "remote-access" type.

With regards to the license I would imagine that the ASA will consume the license based on the amount of active connections, not based on the amount of "crypto map" configurations.

Not perhaps 100% accurate information but my own ramblings to get the discussion started.

- Jouni