cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


611
Views
0
Helpful
2
Replies
Highlighted
Beginner

CSC-SSM and user/seat

Hello,

I need for explanation about the way the number of user/eat used is calculated.

A customer has a basic license for CSC-SSm with 50 seats.

In the night he receives a mail explaining that there is a license violation .

I find that a seat is in fact one IP address.

The command 'sh csc-node' summarizes the number of IP addresses seen by the CSC-SSM module (from inside interface) for the day (from midnight to midnight).

1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ?

    what about if 2 more end-users need to go outside (throught this CSC-SSm card)   are they blocked ?

2)  as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?

3) can we reduce the intervalle used by the command 'sh csc node-count' ?

4)  can we get this node count by SNMP polling,  what is the OID to be polled ?

Regards,

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSC-SSM and user/seat

Hello,

See [MR] inline for the answers to your questions:

1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ? what about if 2 more end-users need to go outside (throught this CSC-SSm card)   are they blocked ?

[MR] No, the IPs that exceed the seat count will not be blocked. The license exceeded message is purely informational.

2)  as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?

[MR] You can purchase license upgrades for the CSC to increase the seat count. For example, if you wanted to upgrade from 100 seats to 250 seats for a CSC-SSM-10, you would purchase the following licensing part number:

ASA-CSC10-100-250=

3) can we reduce the intervalle used by the command 'sh csc node-count' ?

[MR] No, this is hard-coded for a 24 hour period and cannot be changed.

4)  can we get this node count by SNMP polling,  what is the OID to be polled ?

[MR] No, this is only available through 'show csc node-count' command. You would need to write a script to login to the firewall and collect this output if you wanted to monitor this remotely.

Hope that helps.

-Mike

2 REPLIES 2
Cisco Employee

Re: CSC-SSM and user/seat

Hello,

See [MR] inline for the answers to your questions:

1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ? what about if 2 more end-users need to go outside (throught this CSC-SSm card)   are they blocked ?

[MR] No, the IPs that exceed the seat count will not be blocked. The license exceeded message is purely informational.

2)  as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?

[MR] You can purchase license upgrades for the CSC to increase the seat count. For example, if you wanted to upgrade from 100 seats to 250 seats for a CSC-SSM-10, you would purchase the following licensing part number:

ASA-CSC10-100-250=

3) can we reduce the intervalle used by the command 'sh csc node-count' ?

[MR] No, this is hard-coded for a 24 hour period and cannot be changed.

4)  can we get this node count by SNMP polling,  what is the OID to be polled ?

[MR] No, this is only available through 'show csc node-count' command. You would need to write a script to login to the firewall and collect this output if you wanted to monitor this remotely.

Hope that helps.

-Mike

Beginner

Re: CSC-SSM and user/seat

hello Mike,

1) thank you for those answers.

2) regarding the 2 or 3 more seats used avoer the figure according by the license, if the traffic isn't block and the message only for information, then what happens to this traffic ?

Is it send without any control ?

is it controled and maybe blocked for unauthorised site ?

how much users can be managed by this feature/service  with a 50 seats license ? (and the message only for information).

regards,

Jean-david