Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
2
Replies

ASA5505-UL-BUN-K9 - Is This Appropriate

Go to solution
jwbensley
Level 1
Level 1

‎07-06-2012 02:47 AM - edited ‎03-11-2019 04:27 PM

Sorry to be another person asking another question on licenses!

I have 80 internal users so I need an unlimited license on my ASA 5505. However, is the ASA5505-UL-BUN-K9 license limited to only two subnets, a LAN and WAN? Since the 5505 has multiple ethernet ports can I firewall traffic between multiple networks?

Also, this license covers 2 SSL VPN users and 10 IPSEC VPNs. So does this mean only 2 users can work remotely at once? My understanding of IPSEC VPNs was that static IPs are needed at each end. Can users somehow tunnel in over a dynamic IPSEC tunnel, so I can have 10 remote users connecting in from any IP?

Cheers.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎07-06-2012 03:38 AM

This Bundle is heavily restricted as it's only the BASE-license. And with that you only have your inside- and outside-interface and a limited DMZ. If you want more firewall-interfaces you need the SecPlus-bundle.

For VPN:

The BASE-license gives you 10 traditional VPN-sessions. These are L2L- or IPSec-sessions with the old VPN-Client. The limit of the SecPlus is 25 simultaneous users.

The two SSL-VPNs mean, that you can also use the new AnyConnect-client or even the clientless VPN.

If you need more SSL-VPN-sessions or want to use IKEv2 with AnyConnect then you need additional licenses:

1) AnyConnect Essentials which gives you the platform-limit of tunneld session for AnyConnect

or

2) AnyConnect Premium which is licensed per simultaneous user, which gives you tunnel- and clientless access.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎07-06-2012 03:38 AM

This Bundle is heavily restricted as it's only the BASE-license. And with that you only have your inside- and outside-interface and a limited DMZ. If you want more firewall-interfaces you need the SecPlus-bundle.

For VPN:

The BASE-license gives you 10 traditional VPN-sessions. These are L2L- or IPSec-sessions with the old VPN-Client. The limit of the SecPlus is 25 simultaneous users.

The two SSL-VPNs mean, that you can also use the new AnyConnect-client or even the clientless VPN.

If you need more SSL-VPN-sessions or want to use IKEv2 with AnyConnect then you need additional licenses:

1) AnyConnect Essentials which gives you the platform-limit of tunneld session for AnyConnect

or

2) AnyConnect Premium which is licensed per simultaneous user, which gives you tunnel- and clientless access.

0 Helpful

Go to solution
jwbensley
Level 1
Level 1
In response to Karsten Iwen

‎07-09-2012 04:47 AM

Thanks for clearing those points up for me, that's what I needed to know. That gave me the direction to answer all my questions. Thanks very much!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card