[AusNOG] Cisco ASA 5505 licensing?

Aqius aqius at lavabit.com
Wed Jan 30 15:31:55 EST 2013


Also bear in mind the 5505 is not that grunty a box - I've experienced
throughput limitations and if you're running a half decent set of features,
I suggest you'd be pushing it if you expect 100mbit throughput AND 50 odd
concurrent VPNs.

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Johann Lo
Sent: Wednesday, 30 January 2013 15:02
To: Greg Macsok; Glenn Powell; Pinkerton, Eric
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

 

Bear in mind even the base license includes 10x IPSEC peers.

 

There's absolutely nothing wrong with IPSEC VPN, esp if you are running SSL
as  tunnel mode there's not a lot of difference in terms of functionality
(unless you have funny MTU issues or the like), the major advantage is where
you're in restricted connectivity environments you're usually allowed to
HTTPS out whereas IPSEC ports may be blocked.

 

 

Johann Lo

Senior IP Network Engineer

 


 <http://www.aptel.com.au/> 

    Asian Pacific Telecommunications




   Level 14, 1 Queens Road, Melbourne, Victoria, 3004


   p: 03 9863 9863 f: 03 9863 7701 


   e: Johann.Lo at aptel.com.au  w: www.aptel.com.au

 

 

	
  _____  


 

Notices - (1)  If it appears that this email has been sent to you in error,
please delete it (including any attachments) immediately and let the sender
know by reply email.  This email may contain confidential information and
may be privileged.  You may be acting unlawfully if you use, disclose, keep
or rely upon that information.  (2)  This email and any attachment may not
be free of viruses or defects.  The sender is not liable for anything
whatsoever including damage, loss and liability that you experience because
you have received this email and notes that you should ensure that your IT
system is properly safeguarded.  (3)  If this email is not sent in direct
connection with the company's business, the company does not endorse the
content.

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg Macsok
Sent: Wednesday, 30 January 2013 2:59 PM
To: Glenn Powell; Pinkerton, Eric
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

 

There are various models of the 5505. The 5505-SEC-BUN-K9 supports unlimited
inside hosts and 250 VPN sessions IIRC. 

 

You can upgrade any of the 5505's to different tiers including unlimited. So
if you pick up a cheap 5505 off Ebay and want to upgrade it to unlimited
hosts, you can.

 

By default, all models of the 5505 only supports 2 SSL VPN (Anyconnect)
clients - if you want more you have to buy more Anyconnect licenses. Also if
you have an iOS or Android device and want to use AnyConnect Mobile - that
is also another separate license.

 

Greg

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Glenn Powell
Sent: Wednesday, 30 January 2013 10:56 AM
To: Pinkerton, Eric
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

 

Having been burnt myself, don't forget the 5505 is the only box that
enforces a limit of 50 internal devices. So a company of 20 people will
easily exhaust that when everyone has a PC, iPad, iPhone etc.

 

Definitely look at the 5510 if the budget allows.

 

Cheers,

Glenn.

 

 

 

On 30 January 2013 13:52, Pinkerton, Eric
<Eric.Pinkerton at baesystemsdetica.com> wrote:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod
_brochure0900aecd80402e39.html

 

My understanding is that you can configure 25 P2P VPN's, 

and up to 25 concurrent client VPN connected although you only get 2 out of
the box, and have to buy additional licences for the rest.

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joseph Goldman
Sent: Wednesday, 30 January 2013 1:37 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco ASA 5505 licensing?

 

Never had to spec this out myself, but a quick read of the models table
here:

http://www.cisco.com/en/US/products/ps6120/prod_models_home.html

Suggests that you can have a maximum of 10/25 Site-to-Site and IPsec (IKEv1
Client) VPN User Sessions
Then a maximum of 25 AnyConnect or Clientless VPN User Sessions.

This reads to me as 25 of each definition (being 25 of a mix of S2S and
IPSEC, then another 25 of a mix of AnyConnect/Clientless), and being that it
states sessions, would be current connected sessions and not named users.

Of course it is open to different interpretations but that is how I would
read it.

On 30/01/13 1:23 PM, Skeeve Stevens wrote:

Hey all, 

 

I have a customer wanting to spec out a Cisco ASA5505... the baby version.

 

Everything is good except the VPN licensing.

 

On this page:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

 

It says that the 5505 is 25 VPN users for a few different types.

 

What it doesn't say is whether it is:

- 25 users max across all vpn types

- whether it is PER vpn type or 25 across all types

- whether the VPN is concurrent or named users

- whether the number is a MAXIMUM or what it comes with

 

The last one being the most important.

 

Essentially I have a customer with a size needing about a dozen VPN users..
concurrently... but the above link is very vague.

 

This link: http://packetpushers.net/cisco-asa-licensing-explained/ has some
good information, but the Cisco link doesn't say anything about 10/25.  It
has more information about VPN licensing, it says the 5505 starts with 10,
but the Cisco page doesn't seem to say that.  I'd like confirmation before I
tell the customer what to buy.

 

I am assuming some Ausnog people have had to do this sort of thing. Thanks
in advance.

 

..Skeeve


 

Skeeve Stevens, CEO - eintellego Pty Ltd

skeeve at eintellego.net ; www.eintellego.net <http://www.eintellego.net/>  

Phone: 1300 753 383 <tel:1300%20753%20383> ; Cell +61 (0)414 753 383
<tel:%2B61%20%280%29414%20753%20383>  ; skype://skeeve

facebook.com/eintellego ; linkedin.com/in/skeeve 

twitter.com/networkceoau ; blog: www.network-ceo.net
<http://www.network-ceo.net/> 

Image removed by sender.

The Experts Who The Experts Call

Juniper - Cisco - IBM - Brocade - Cloud

-----

Check out our Juniper promotion website!   <http://eintellego.mx/>
eintellego.mx

 

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

 


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

 

This email, including any attachment(s), is for the intended recipient(s)
only. The substance of this email is confidential and may contain
information that is the subject of legal professional privilege and/or
copyright, or is otherwise immune, exempt or prohibited from disclosure by
law. If you are not the intended recipient(s), you must not disclose, copy,
use, circulate or otherwise rely upon the information contained in this
email. If you have received this email in error, please notify us
immediately by return email and delete this email. Capricorn Society Limited
disclaims any responsibility or liability whatsoever in connection with
computer viruses, data corruption, delay, interruption, unauthorised access,
unauthorised amendments to emails (including any attachment(s)) or any other
inherent risk of using email or to any person other than the intended
recipient(s) who uses or relies on this email without the prior written
consent of Capricorn Society Limited. 


***********************************
This email has been scanned by Asian Pacific Telecommunications Hosted
Security.
Powered by TrendMicro.
For more information please visit www.aptel.com.au
***********************************

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/df065771/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 11835 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/df065771/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 2969 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/df065771/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130130/df065771/attachment-0001.jpg>


More information about the AusNOG mailing list