This chapter covers the following topics:

- Combined licenses in failover and clustering
- Shared Premium AnyConnect VPN licensing

ASA offers a very comprehensive feature set that helps secure networks of all shapes and sizes. To deliver the desired functionality within the available budget while allowing for future scalability, you can unlock advanced security capabilities and increase certain system capacities on demand through a flexible system of feature licenses. Some characteristics of the hardware platform or expansion modules can enable certain feature licenses implicitly. You can also activate additional licenses permanently or for a certain duration of time. When multiple Cisco ASA devices participate in failover or clustering, some licensed capacities automatically aggregate up to the platform hardware limit to maximize your investment. Although this flexible system may seem complicated at first, it actually makes the task of customizing a Cisco ASA for your specific business needs quite easy.

Licensed Features on ASA

Every Cisco ASA platform comes with a certain number of implicitly activated features and capacities as a part of the Base License. In other words, these capabilities are fixed in the given software image for the particular hardware; you cannot selectively disable them. One example of such a feature is Active/Active failover, which is always available on all Cisco ASA 5585-X appliances. Some platforms offer the optional Security Plus license, which may unlock additional features or capacities on top of the Base License. For example, you can increase the maximum concurrent firewall connection count on the Cisco ASA 5505 from 10,000 to 25,000 by installing a Security Plus license.

In addition to the Base and Security Plus licenses, you can activate other advanced security features individually:

- Some capabilities operate in a simple binary switch fashion whereby the license for the feature type is either enabled or disabled; once enabled, there are typically no direct restrictions on how much the feature can be used. For instance, the Botnet Traffic Filter license will allow you to protect all connections through a Cisco ASA up to the maximum limit for the platform.
- Other features may carry their own capacity limits that come in quantified tiers. An example of such a feature is the ability to configure security contexts on some Cisco ASA appliances. On the Cisco ASA 5580 platform, the Base License allows creating up to two application contexts, while several premium licenses of different tiered counts allow extending this limit up to 250 contexts in total.

Not all of the licensed features and capabilities are available on all hardware platforms. For instance, at the time of writing, the clustering feature is currently available only on Cisco ASA 5500-X, ASA 5580, and ASA 5585-X appliances. Depending on specific markets and international export regulations, some Cisco ASA models may also ship with the permanent No Payload Encryption license; this license ties to the particular hardware without the option of change or removal. The following licensed features and capacities are not available on any No Payload Encryption hardware models:

As you identify the correct feature set to take the most advantage of Cisco ASA capabilities while fully protecting your network, it helps to organize the licensed features into the following logical categories:

- Basic platform capabilities: Typically are relevant to all Cisco ASA deployments.
- Advanced security features: Can satisfy specific network design goals for a particular Cisco ASA installation.
- Tiered capacity features: Depend on the size of a projected user base and allow for future growth.

These categories are discussed in turn next.

Basic Platform Capabilities

Basic licensed features define the foundation of the Cisco ASA capabilities that are common to all installations and designs, such as the following:

- Dictating the elementary characteristics of how an ASA device connects to the network.
- Establishing the quantity and speed capabilities of physical and logical interfaces.
- Limiting the number of protected connections and inside hosts.
- Setting the baseline encryption algorithms that the system can use.

The following licensed features fall under the category of basic platform capabilities:

- Firewall Connections: Cisco ASA Software limits the maximum concurrent count of all stateful connections depending on the hardware platform. This limit can only be increased with the Security Plus license on Cisco ASA 5505, ASA 5510, and ASA 5512-X appliances.