cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
303
Views
0
Helpful
8
Replies
Beginner

VPN Licenses

We were having ASA 5510 Security Plus license ad configured the SSL & IPsec VPN,with this how many maximum user can able to connect to VPN using Anyconnect/VPN client.

License Information:
IPsec : 250 Configured : 250 
SSL VPN : 250 Configured : 250 

 

What is the difference between IPsec & SSL VPN? Clientless & Client?

Everyone's tags (1)
8 REPLIES 8
Highlighted

Re: VPN Licenses

Hi,

 

you will be having in total 250 users which can be mix of IPSEC or SSL. It is mention in their datasheet about the capacity e.g incase of cluster of 10 appliances , maximum of 2500 SSL VPN peers or 2500 IPsec VPN peers per cluster

 

https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-345385.html

Highlighted
Beginner

Re: VPN Licenses

We didn't have clustering,hence as per your above statement we can have mix of 250 SSL/IPSEC VPN peer.

I have created a pool of 150 IP to connect to VPN and would like to increase the no.of users connecting to VPN

 

Max how many IP address Pool that can be allowed? 250  or more than that

Highlighted

Re: VPN Licenses

Hi,

 

For IP pool, there is no such restriction. You can have a pool of 250+ IP's also.

 

Highlighted
Beginner

Re: VPN Licenses

I could see that the ASA 5510 was EOL, if i'm planning to go for NGFW for about 2000 employee organization. 

 

How do choose a NGFW? 

What are the prerequisites that i need to concentrate on?

Physical vs Virtual NGFW?

Highlighted
Rising star

Re: VPN Licenses

Hi,

 

   Regardless of your IP pool size (bigger than 250 IP's or not), the ASA won't let you have more than 250 concurrent SSL/IPsec sessions; any new incoming session should be denied.


Regards,

Cristian Matei.

Highlighted
Beginner

Re: VPN Licenses

I could see that the ASA 5510 was EOL, if i'm planning to go for NGFW for about 2000 employee organization.



How do choose a NGFW?

What are the prerequisites that i need to concentrate on?

Physical vs Virtual NGFW?
Highlighted

Re: VPN Licenses

Hi,

 

It depends where u will place the firewall.

 

If u place on internet edge to provide protection + VPN concentration + publishing some internal services then I believe u should at least consider following:

 

- bandwidth of the internet link and the capacity of firewall to handle to support with all the security features enabled

 

- VPN capacity, firewall should support 2000 users

 

If there are some local services that will be published outside then it is also a good idea to review number of connections per second and concurrent connections

 

For ur environment, FPR 2120 looks fine since it can handle up to 3500 VPN users

 

Have a look on the below datasheet for detailed specifications:

 

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

Highlighted
Beginner

Re: VPN Licenses

If we need only 750 user vpn peer what would be the best ASA product. We are ok with Cloud related Virtual ASA as well.