cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
1
Replies

VPN License for Dyn VPN

mohammedrafiq
Level 1
Level 1

Hi All,

I have to create dynmaic VPN on our multicontext firewall ASA 5510 with 250 VPN license.This Firewall will have statically assigned ip address and ten hub sites will obtain ip address dynamically from ISP.

My question is how many VPN license will be utilsed on my firewall 10 or one, ? because there will be only one dynamic VPN entry on FW.

Any suggusetion will welcome.

Rgeards,

1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

I have not tested myself yet but to me it seems that you will have to be using some new 9.x series software to even have support for VPNs in Multiple Context Mode.

I also presume that you will actually have to allocate VPN session limits to a Security Context for it to be able to use VPN connections.

Also an ASA running in Multiple Context Mode should only support L2L VPN connections. I am not sure if there is any limitations regarding what type of L2L VPN you can configure. I mean if there is any limit regarding using a Dynamic Map as yours would need. Atleast the Command Reference states that the command is supported in Multiple Context Mode so it would seem to be possible.

I guess the limitation regarding VPN Client connections in Multiple Context Mode prevents you from configuring a "tunnel-group" that is of the "remote-access" type.

With regards to the license I would imagine that the ASA will consume the license based on the amount of active connections, not based on the amount of "crypto map" configurations.

Not perhaps 100% accurate information but my own ramblings to get the discussion started.

- Jouni