Question : Cisco ASA questions

Couple questions on the ASA product family - one easy, one a bit more involved:

1) Looking at these products, I want to confirm that there is NO restriction on how many users can be accessing the web through them, and that this would only be limited by the firewall throughput itself. For example, the ASA 5505 is rated for 150 total throughput - I'm trying to determine how many users could be reasonably expected to access the web through this device. I also want to make sure that there is no "per-user" limit for this, and that the 10/25 limitations on the 5505 only apply to VPN clients/peers.

2) We have a customer that has a Microsoft ISA Server that is also using Cyfin Reporter/CyBlock ISA for web tracking/blocking.  I need to know what would need to be purchased/implemented along with a Cisco ASA to provide this same type of functionality.

As always, reference docs/links are appreciated.

Thanks in advance!

Answer : Cisco ASA questions

Sorry, more confusion was not the intent.

If you order the 10 user license it means that the ASA will only allow 10 concurrent IP addresses to access the external networks from the internal networks - note CONCURRENT. For a 50-user license, it's 50 users and unlimited is therefore obvious. If you use the DHCP service on the ASA, the license count also has an impact here. The 10 user license allows 32 DHCP IP addresses to be assigned to internal clients, the 50 user license allows 128 internal DHCP clients.

I found this neat explanation and it may help...

“In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.”

So, only IP addresses that are actively accessing the internet via the ASA get counted against the user count. Once they stop accessing the internet they are dropped from the user count.


