Hi,
The license you need depends on your setup.
If you now have the Base License with 10 users then only 10 hosts behind the ASA can use the Internet. I guess with your AP setup you might end up blocking connections for either your users behind the AP or on the LAN.
Lets say you have have the following setup
- 3 Interfaces
- You want the "inside" users to normally use the Internet
- You want the "dmz" users to ONLY access the Internet
Then you should be fine by only getting a License for either 50 users OR the Unlimited if you user amount is higher than the 50 or very close to that. The limitation you should NOTICE is the fact that "dmz" interface can only communicate towards one interface on the ASA and in this case it should be "outside". So you cant have the AP users be in any way dependant on the services on your "inside" interface since they couldnt communicate there unless you upgrade to Security Plus license.
You can get the Security Plus License which also includes Unlimited user license and addiotional Vlans+Trunking (among other things) . But I think it also contains features you might not need so you might be paying for more than you need.
Here is a link to both a Cisco document and a Non Cisco write up on the Licensing of ASAs
Cisco
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html
Non Cisco
http://packetpushers.net/cisco-asa-licensing-explained/
Hopefully both documents do contain uptodate information
Please rate if you found the information helpfull
- Jouni
