Does VPN count as 1 user license used?

corey.borton · ‎09-11-2002

I have a vpn set between 2 pix 501's. I have multiple hosts on each network, for cisco licencing purposes does each host connecting through the vpn require a licence or is the vpn seen as one licence regardless of the amount of hosts establishing connection through it ?

cjacinto · ‎09-11-2002

Are you referring to connection license (ie 10 and 50) as documented on:http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/px501_ds.htm?

If so, the short answer is it would be seen as one vpn connection, and not be taken out of your connection license.

The above url is a connection license, ie users transversing the pix from inside net to the outside (usually the internet ) as this would need to build a translation on the pix.

The 501 supports only a max of 5 IPSec peers or tunnels. One tunnel is a combination of 1 IKE and 2 IPSec SA. This corresponds to one acl on your PIX vpn config. The more networks you have on your crypto acl, the greater the no. of tunnel, thus be careful on the interpretation. One peer doesn't equate to 5 ipsec peers, it would depend on the no. of sa the peers would form.

corey.borton · ‎09-11-2002

To clarify... Network A is Connected to network B via vpn between 2 pix 501's if network A has 20 pc's wanting to connect to resources on network B via the vpn will I require a fifty user license or is the vpn seen as 1 user only so a 10 user license will do?

If a 50 user license is required and I put a router between the pix and the pc's does that make it a single connection so the 50 user license will be no longer required?