Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

  • Archives

  • Categories

  • Blog Stats

    • 182,048 visits
  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 29 other followers

ASA 5505, Ten User Licenses Is Never Enough

Posted by Chris on April 19, 2012

The Cisco ASA 5505 offers three user licensing options, 10 users, 50 users and unlimited.  A licensed user is a device that communicates from the internal to external VLAN.  Unlicensed users are not allowed access to the external VLAN, which in almost every installation scenario equates to no internet access.

Even in a small branch office, ten user licenses can be cutting it close.  Consider the equipment typically deployed in a remote branch office with three employees.

Three Laptops
One Wireless AP
One Printer/MFP
Three Mobile Phones (using the wireless AP)
Two Tablets/iPads
Total – 10 Licenses

As you can see, its easy to max out a ten user license. Add a server and you’re over the ten user limit. Sure, we can save licenses by not allowing the mobile phones to use the wireless LAN. But, connecting to the WAP while int he office makes sense, provides a better end-user experience and could save a few dollars on their data plan.

Things are even worse when you consider deploying an ASA 5505 for a Remote/Home Office user. For this scenario let’s assume the 5505 will be deployed as the primary internet gateway at the users home. Let’s also assume there are three computer literate family members using the typical gadgets you would find in any connected home.

Two Desktops
One Laptop
One Wireless AP
One Printer
One Game Console
Two Amazon Kindles
One iPad
Two Mobile Phones (using the WAP)
One Roku/Apple TV
Total – 12 Licenses

We’re easily over the limit of ten users. The ASA was never intended to be a consumer device and considering the licensing model it’s easy to see why.

The Bottom Line
It’s time for Cisco to consider raising the entry level license for the ASA 5505 to 25 users. In the two typical scenarios illustrated above the ten user license is simply not practical and forces one to consider the more expensive 50 user license.  This is one of the reasons I recently replaced my home ASA 5505 with a Cisco RV-220W.  Granted it’s not a full featured as an ASA, but it has an integrated 802.11N WAP, site-to-site and remote access VPN capabilities and the option to add content filtering.  The ASA 5505 has become a nice addition to my home lab.

Advertisements

One Response to “ASA 5505, Ten User Licenses Is Never Enough”

  1. systemsamurai said

    I’ve been looking for a decent home office device for some users at my company. Does the RV220W work well when connecting to a ASA? Can it support multiple IPSec connections? Are the all of the internal connections, WiFi and Ethernet, on the same network? Is the device easy enough to use for a non-technical person to handle?

    I’m going to look at the datasheet this weekend. But I would love to hear some real world experience with it.

    Thanks.

    Justin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: