[AusNOG] Cisco ASA 5505 licensing?

Johann Lo Johann.Lo at aptel.com.au
Wed Jan 30 15:02:28 EST 2013 

Bear in mind even the base license includes 10x IPSEC peers.

There's absolutely nothing wrong with IPSEC VPN, esp if you are running SSL as  tunnel mode there's not a lot of difference in terms of functionality (unless you have funny MTU issues or the like), the major advantage is where you're in restricted connectivity environments you're usually allowed to HTTPS out whereas IPSEC ports may be blocked.




Johann Lo

Senior IP Network Engineer



[cid:apt-logo7f96.jpg]<http://www.aptel.com.au/>
            Asian Pacific Telecommunications    [cid:apcs-member-long7ff5.gif]

   Level 14, 1 Queens Road, Melbourne, Victoria, 3004
   p: 03 9863 9863 f: 03 9863 7701
   e: Johann.Lo at aptel.com.au  w: www.aptel.com.au




________________________________


Notices - (1)  If it appears that this email has been sent to you in error, please delete it (including any attachments) immediately and let the sender know by reply email.  This email may contain confidential information and may be privileged.  You may be acting unlawfully if you use, disclose, keep or rely upon that information.  (2)  This email and any attachment may not be free of viruses or defects.  The sender is not liable for anything whatsoever including damage, loss and liability that you experience because you have received this email and notes that you should ensure that your IT system is properly safeguarded.  (3)  If this email is not sent in direct connection with the company's business, the company does not endorse the content.


From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg Macsok
Sent: Wednesday, 30 January 2013 2:59 PM
To: Glenn Powell; Pinkerton, Eric
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

There are various models of the 5505. The 5505-SEC-BUN-K9 supports unlimited inside hosts and 250 VPN sessions IIRC.

You can upgrade any of the 5505's to different tiers including unlimited. So if you pick up a cheap 5505 off Ebay and want to upgrade it to unlimited hosts, you can.

By default, all models of the 5505 only supports 2 SSL VPN (Anyconnect) clients - if you want more you have to buy more Anyconnect licenses. Also if you have an iOS or Android device and want to use AnyConnect Mobile - that is also another separate license.

Greg

From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Glenn Powell
Sent: Wednesday, 30 January 2013 10:56 AM
To: Pinkerton, Eric
Cc: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

Having been burnt myself, don't forget the 5505 is the only box that enforces a limit of 50 internal devices. So a company of 20 people will easily exhaust that when everyone has a PC, iPad, iPhone etc.

Definitely look at the 5510 if the budget allows.

Cheers,
Glenn.



On 30 January 2013 13:52, Pinkerton, Eric <Eric.Pinkerton at baesystemsdetica.com<mailto:Eric.Pinkerton at baesystemsdetica.com>> wrote:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39.html

My understanding is that you can configure 25 P2P VPN's,
and up to 25 concurrent client VPN connected although you only get 2 out of the box, and have to buy additional licences for the rest.

From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> [mailto:ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Joseph Goldman
Sent: Wednesday, 30 January 2013 1:37 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

Never had to spec this out myself, but a quick read of the models table here:

http://www.cisco.com/en/US/products/ps6120/prod_models_home.html

Suggests that you can have a maximum of 10/25 Site-to-Site and IPsec (IKEv1 Client) VPN User Sessions
Then a maximum of 25 AnyConnect or Clientless VPN User Sessions.

This reads to me as 25 of each definition (being 25 of a mix of S2S and IPSEC, then another 25 of a mix of AnyConnect/Clientless), and being that it states sessions, would be current connected sessions and not named users.

Of course it is open to different interpretations but that is how I would read it.

On 30/01/13 1:23 PM, Skeeve Stevens wrote:
Hey all,

I have a customer wanting to spec out a Cisco ASA5505... the baby version.

Everything is good except the VPN licensing.

On this page:  http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

It says that the 5505 is 25 VPN users for a few different types.

What it doesn't say is whether it is:
- 25 users max across all vpn types
- whether it is PER vpn type or 25 across all types
- whether the VPN is concurrent or named users
- whether the number is a MAXIMUM or what it comes with

The last one being the most important.

Essentially I have a customer with a size needing about a dozen VPN users.. concurrently... but the above link is very vague.

This link: http://packetpushers.net/cisco-asa-licensing-explained/ has some good information, but the Cisco link doesn't say anything about 10/25.  It has more information about VPN licensing, it says the 5505 starts with 10, but the Cisco page doesn't seem to say that.  I'd like confirmation before I tell the customer what to buy.

I am assuming some Ausnog people have had to do this sort of thing. Thanks in advance.

...Skeeve

Skeeve Stevens, CEO - eintellego Pty Ltd
skeeve at eintellego.net<mailto:skeeve at eintellego.net> ; www.eintellego.net<http://www.eintellego.net/>

Phone: 1300 753 383<tel:1300%20753%20383>; Cell +61 (0)414 753 383<tel:%2B61%20%280%29414%20753%20383> ; skype://skeeve

facebook.com/eintellego<http://facebook.com/eintellego> ; linkedin.com/in/skeeve<http://linkedin.com/in/skeeve>

twitter.com/networkceoau<http://twitter.com/networkceoau> ; blog: www.network-ceo.net<http://www.network-ceo.net/>

[cid:image001.jpg at 01CDFEFA.D2259590]
The Experts Who The Experts Call
Juniper - Cisco - IBM - Brocade - Cloud
-----
Check out our Juniper promotion website!  eintellego.mx<http://eintellego.mx/>


_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

This email, including any attachment(s), is for the intended recipient(s) only. The substance of this email is confidential and may contain information that is the subject of legal professional privilege and/or copyright, or is otherwise immune, exempt or prohibited from disclosure by law. If you are not the intended recipient(s), you must not disclose, copy, use, circulate or otherwise rely upon the information contained in this email. If you have received this email in error, please notify us immediately by return email and delete this email. Capricorn Society Limited disclaims any responsibility or liability whatsoever in connection with computer viruses, data corruption, delay, interruption, unauthorised access, unauthorised amendments to emails (including any attachment(s)) or any other inherent risk of using email or to any person other than the intended recipient(s) who uses or relies on this email without the prior written consent of Capricorn Society Limited.

***********************************

This email has been scanned by Asian Pacific Telecommunications Hosted Security.

Powered by TrendMicro.

For more information please visit www.aptel.com.au<http://www.aptel.com.au>

***********************************


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/cbc07a98/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 823 bytes
Desc: image001.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/cbc07a98/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apt-logo7f96.jpg
Type: image/jpeg
Size: 11835 bytes
Desc: apt-logo7f96.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/cbc07a98/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apcs-member-long7ff5.gif
Type: image/gif
Size: 2969 bytes
Desc: apcs-member-long7ff5.gif
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/cbc07a98/attachment.gif>

More information about the AusNOG mailing list