09-11-2002 06:44 PM - edited 02-21-2020 12:03 PM
I have a VPN set up between 2 PIX 501s. I have multiple hosts on each network. For Cisco licensing purposes, does each host connecting through the VPN require a licence, or is the VPN seen as one licence regardless of the number of hosts establishing connections through it?
09-11-2002 08:54 PM
Are you referring to the connection license (i.e. 10 and 50) as documented on: http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/px501_ds.htm ?
If so, the short answer is it would be seen as one VPN connection, and not be taken out of your connection license.
The above URL is a connection license, i.e. users traversing the PIX from the inside net to the outside (usually the Internet), as this would need to build a translation on the PIX.
The 501 supports only a max of 5 IPSec peers or tunnels. One tunnel is a combination of 1 IKE and 2 IPSec SAs. This corresponds to one ACL on your PIX VPN config. The more networks you have on your crypto ACL, the greater the number of tunnels, so be careful with the interpretation. One peer doesn't equate to 5 IPSec peers; it would depend on the number of SAs the peers would form.
09-11-2002 09:04 PM
To clarify... Network A is connected to network B via VPN between 2 PIX 501s. If network A has 20 PCs wanting to connect to resources on network B via the VPN, will I require a fifty user license, or is the VPN seen as 1 user only, so a 10 user license will do?
If a 50 user license is required and I put a router between the PIX and the PCs, does that make it a single connection so the 50 user license will no longer be required?