The interface associated with the default route is considered to be the outside Internet interface. Hosts that initiate traffic between Business and Home are also not counted towards the limit. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit only the inside hosts count. In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside.If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.Īlso as to the 10,50,Unlimited users keep this in mind as well: Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit.With the Security Plus License you can have up to 25 Combined IPSEC and WebVPN connections. With the Base License you can have up to 10 Combined IPSEC and WebVPN connections. What the Base and/or Security License gets you. If you wish to stick with Cisco ASA's then you should look at their new Next-Generation ASA-5500-X seriesĪs to VPN connections, I have an ASA-5505 and I use the Windows (7/8) VPN Connection via L2TP/IPSec without the need to purchase any Anyconnect Licenses (unless you wish to use their client).
I believe there has been no Direct announcement from Cisco for the actual ASA-5505 model but other's in that family have reached EOL as well as some of the options that where offered for the entire line. Keep in mind EOL (End-Of-Life) on the ASA-55XX Line. Just a dependable firewall/router that has remote access capabilities via VPN. Thanks for the info! I don't need any fancy Layer 2 features. There are indeed many many models of ASA but feel free to come back here if I/we can offer any more clarification.
I expect you'll have more devices than that so as he said, you'll want to consider the 50-user "model" of 5505 (ASA5505-50-BUN-K9) instead.
If either of those features is necessary for your environment you'll need the ASA5505-SEC-BUN-K9, which is about 150% more expensive.Īs NN mentioned, you should also be mindful that only 10 inside hosts are permitted with the base license. Additionally, Layer 2 trunking is not available. Firstly, with the base model you only get 2.5 VLANs - inside, outside, and a DMZ that is accessible from EITHER inside or outside but not both. The base ASA 5505 (ASA5505-BUN-K9) should be fine for your environment based on what I've read in this thread so far but there are some limitations.
0 kommentar(er)
