ASA 5505 Determine Your License Version

KB ID 0000701

Problem

If you are having problems with internal clients NOT getting through the firewall, the license on your ASA 5505 may be ‘to small’.

ASA 5505 License Differences

Essentially the licenses come in 10 user, 50 user, and unlimited*. You can also have a Security Plus License, this increases IPSEC VPN’s from 10 to 25, and adds Active/Standby failover, Dual ISP Support, and DMZ Support.

*Note: These figures are the concurrent total users, for internal clients making connections through the firewall, from the internal VLAN to the external VLAN (not between internal VLANS). If you have no default route defined then the limit is placed in ALL hosts on ALL VLANS.

From Cisco 

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.

Solution

To locate your license version issue the following command whilst in enable mode. ‘sho ver or show version’.

code?

ASA 5505 10 User License

ASA5505 50 User License

ASA 5505 Unlimited License

ASA 5505 Security Plus License

Related Articles, References, Credits, or External Links

Find out your Cisco ASA version (Operating system and ASDM)

Cisco ASA 5500 – Adding Licenses