Cisco ASDM User Guide, 6.1
Feature Licenses and Specifications
Downloads: This chapterpdf (PDF - 195.0KB) The complete bookPDF (PDF - 14.84MB) | Feedback

Feature Licenses

Table Of Contents

Feature Licenses

ASA 5505 Feature Licenses

ASA 5510 Feature Licenses

ASA 5520 Feature Licenses

ASA 5540 Feature Licenses

ASA 5550 Feature Licenses

ASA 5580 Feature Licenses

PIX 515/515E Feature Licenses

PIX 525 Feature Licenses

PIX 535 Feature Licenses


Feature Licenses


This appendix describes feature licenses per model. This appendix includes the following sections:

ASA 5505 Feature Licenses

ASA 5510 Feature Licenses

ASA 5520 Feature Licenses

ASA 5540 Feature Licenses

ASA 5550 Feature Licenses

ASA 5580 Feature Licenses

PIX 515/515E Feature Licenses

PIX 525 Feature Licenses

PIX 535 Feature Licenses


Note Items that are in italics are separate, optional licenses that you can replace the base license. You can mix and match licenses, for example, the 10 security context license plus the Strong Encryption license; or the 500 Clientless SSL VPN license plus the GTP/GPRS license; or all four licenses together.


ASA 5505 Feature Licenses

Table A-1 ASA 5505 Adaptive Security Appliance License Features 

ASA 5505
Base License
Security Plus

Users, concurrent1

10

Optional Licenses:

10

Optional Licenses:

50

Unlimited

50

Unlimited

Security Contexts

No support

No support

VPN Sessions2

10 combined IPSec and Clientless SSL VPN

25 combined IPSec and Clientless SSL VPN

Max. IPSec Sessions

10

25

Max. Clientless SSL VPN Sessions

2

Optional License: 10

2

Optional License: 10

VPN Load Balancing

No support

No support

TLS Proxy for SIP and Skinny Inspection

Supported

Supported

Failover

No support

Active/Standby (no stateful failover)

GTP/GPRS

No support

No support

Maximum VLANs/Zones

3 (2 regular zones and 1 restricted zone that can only communicate with 1 other zone)

20

Maximum VLAN Trunks

No support

Unlimited

Concurrent Firewall Conns3

10 K

25 K

Max. Physical Interfaces

Unlimited, assigned to VLANs/zones

Unlimited, assigned to VLANs/zones

Encryption

Base (DES)

Optional license:
Strong (3DES/AES)

Base (DES)

Optional license:
Strong (3DES/AES)

Minimum RAM

256 MB (default)

256 MB (default)

1 In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view the host limits.

2 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

3 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with one host and one dynamic translation for every four connections.


ASA 5510 Feature Licenses

Table A-2 ASA 5510 Adaptive Security Appliance License Features 

ASA 5510
Base License
Security Plus

Users, concurrent

Unlimited

Unlimited

Security Contexts

No support

2

Optional Licenses:

5

VPN Sessions1

250 combined IPSec and Clientless SSL VPN

250 combined IPSec and Clientless SSL VPN

Max. IPSec Sessions

250

250

Max. Clientless SSL VPN Sessions

2

Optional Licenses:

2

Optional Licenses:

10

25

50

100

250

10

25

50

100

250

VPN Load Balancing

No support

No support

TLS Proxy for SIP and Skinny Inspection

Supported

Supported

Failover

No support

Active/Standby or Active/Active

GTP/GPRS

No support

No support

Max. VLANs

50

100

Concurrent Firewall Conns2

50 K

130 K

Max. Physical Interfaces

Unlimited

Unlimited

Encryption

Base (DES)

Optional license:
Strong (3DES/AES)

Base (DES)

Optional license:
Strong (3DES/AES)

Min. RAM

256 MB (default)

256 MB (default)

1 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


ASA 5520 Feature Licenses

Table A-3 ASA 5520 Adaptive Security Appliance License Features 

ASA 5520
Base License

Users, concurrent

Unlimited

Unlimited

Security Contexts

2

Optional Licenses:

5

10

20

VPN Sessions1

750 combined IPSec and Clientless SSL VPN

Max. IPSec Sessions

750

Max. Clientless SSL VPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

           

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

150

Concurrent Firewall Conns2

280 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

512 MB (default)

1 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


ASA 5540 Feature Licenses

Table A-4 ASA 5540 Adaptive Security Appliance License Features 

ASA 5540
Base License

Users, concurrent

Unlimited

Unlimited

Security Contexts

2

Optional licenses:

5

10

20

50

VPN Sessions1

5000 combined IPSec and Clientless SSL VPN

Max. IPSec Sessions

5000

Max. Clientless SSL VPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

1000

2500

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

200

Concurrent Firewall Conns2

400 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

1 GB (default)

1 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


ASA 5550 Feature Licenses

Table A-5 ASA 5550 Adaptive Security Appliance License Features 

ASA 5550
Base License

Users, concurrent

Unlimited

Security Contexts

2

Optional licenses:

5

10

20

50

VPN Sessions1

5000 combined IPSec and Clientless SSL VPN

Max. IPSec Sessions

5000

Max. Clientless SSL VPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

1000

2500

5000

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

250

Concurrent Firewall Conns2

650 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

4 GB (default)

1 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


ASA 5580 Feature Licenses

Table A-6 ASA 5580 Adaptive Security Appliance License Features 

ASA 5580
Base License

Users, concurrent

Unlimited

Security Contexts

2

Optional licenses:

5

10

20

50

VPN Sessions1

5000 combined IPSec and SSL VPN

Max. IPSec Sessions

5000

Max. SSL VPN Sessions

2

Optional licenses:

10

25

50

100

250

500

750

1000

2500

5000

Optional VPN Flex licenses:2

250

750

1000

2500

5000

VPN Load Balancing

Supported

Advanced Endpoint Assessment

None

Optional license: Enabled

TLS Proxy for SIP and Skinny Inspection3

Supported

Failover

Active/Standby or Active/Active4

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

Version 8.1(1): 100

Version 8.1(2) and later: 250

Concurrent Firewall Conns

5580-20: 1,000 K

5580-40: 2,000 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

4 GB (default)

1 Although the maximum IPSec and Clientless SSL VPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

2 Available in Version 8.1(2) and later.

3 Other Unified Communications features are not supported in Version 8.1.

4 You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover.


PIX 515/515E Feature Licenses

Table A-7 PIX 515/515E Security Appliance License Features 

PIX 515/515E
R (Restricted)
UR (Unrestricted)
FO (Failover) 1
FO-AA (Failover Active/Active) 1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional license: 5

2

Optional license: 5

2

Optional license: 5

IPSec Sessions

2000

2000

2000

2000

Clientless SSL VPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

10

25

25

25

Concurrent Firewall Conns2

48 K

130 K

130 K

130 K

Max. Physical Interfaces

3

6

6

6

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

64 MB (default)

128 MB

128 MB

128 MB

1 This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


PIX 525 Feature Licenses

Table A-8 PIX 525 Security Appliance License Features 

PIX 525
R (Restricted)
UR (Unrestricted)
FO (Failover) 1
FO-AA (Failover Active/Active) 1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional licenses:

2

Optional licenses:

2

Optional licenses:

5

10

20

50

5

10

20

50

5

10

20

50

IPSec Sessions

2000

2000

2000

2000

Clientless SSL VPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

25

100

100

100

Concurrent Firewall Conns2

140 K

280 K

280 K

280 K

Max. Physical Interfaces

6

10

10

10

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

128 MB (default)

256 MB

256 MB

256 MB

1 This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.


PIX 535 Feature Licenses

Table A-9 PIX 535 Security Appliance License Features 

PIX 535
R (Restricted)
UR (Unrestricted)
FO (Failover) 1
FO-AA (Failover Active/Active) 1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional licenses:

2

Optional licenses:

2

Optional licenses:

5

10

20

50

5

10

20

50

5

10

20

50

IPSec Sessions

2000

2000

2000

2000

Clientless SSL VPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

50

150

150

150

Concurrent Firewall Conns2

250 K

500 K

500 K

500 K

Max. Physical Interfaces

8

14

14

14

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

512 MB (default)

1024 MB

1024 MB

1024 MB

1 This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

2 The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.