The question was essentially: without upgrading, what techniques can one employ to conserve host usage.
Basically I'd like host count to go against: production web server accepting 4 NAT'd public-to-dmz IPs

And not against private servers that simply need their system times up-to-date.

Also, just to clarify, host count is based on any internal interface that receives/initiates traffic to/from the outside? In other words, a server on private 10.1.x.x that has no connectivity to the outside is NOT counted as a host.

For the time being I need to stay within base license 10 host limit, but will obviously upgrade to 50 user license as capacity needs increase. That's a bit severe, no? Single packet counts as a host, ouch.

At any rate, thinking I can preserve these 2 hosts by using one of the publicly accessible servers as an NTP server, rather than going outside to public NTP server to get the current time.
Or so I thought, looks like the 2 internal hosts in question (Linux boxes) periodically send a single UDP packet over port 123 to outside NTP servers to keep correct system time. Investigating further, I see a couple of hosts counted that are restricted to VPN access only, which surprised me since these are internal hosts that do not receive nor initiate traffic to/from outside. Running a "show local-host" I see my host count at 8, a bit too close for comfort with a production web server sitting behind the ASA. Was not aware that ASA 5505 base license restricts number of concurrent hosts to 10 (RTFM, I know).