Need SSL for ASA 5505 10 license with basic license - security plus license is necessary?

Similar Questions

• which product is right for the ssl vpn: asa 5505 cisco 1841 or

  Hello

  I want to install an outside link management related so that we can ssh to our cisco devices and microsoft RDP toour servers. It's my configuration (based on what I know):

  Internet > DSL modem > ASA 5505 > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server

  or

  Internet > 1841 with DSL HWIC > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server

  My questions are:

  Should I go for ASA or 1841 router?

  What options is better? and ASA will do the job?

  Are there any technical support prior to purchase of products in Australia? I need technical advice on the choice of the right products, not justs eiling me products.

  Hello

  Its strongly suggested to go with ASA 5505 in the first place, it is supposed to feature for the main functionality of ssl vpn server from 1841 which has this feature to be a vpn server.

  ASDM also gives you the freedom to config box on your own based on your condition.

  regds

• licenses for ASA 5505, site-to-site vpn

  Hi, gang,

  I've not worked on ASA for a few years, so a little rusty on the issuance of licenses. my client has 5 locations, a few computers at each location. 4 tunnels vpn site-to-site will be implemented, so that 1 Server @ main location of accounting is accessible from other. simple configuration. I wonder if I have to purchase additional licenses? This is the part number of the device that I'm aiming for:

  ASA5505-BUN-K9
  Cisco ASA 5505 Adaptive Security Appliance 8 ports Fast Ethernet Switch with 10 user licenses

  Thank you!

  Jonathan

  Your license for the VPN is perfectly fine as the Base license supports 10 VPN-peers. The 10 user license is what could restrict more.

  And if the 5505 is not yet bought, go directly to the ASA 5506 - X as the 5505 is a legacy device and will probably go little EOS.

• ASA 5505 Firewall Transparent with a Server Web Question

  I need to replace my Sonicwall firewall and I got an ASA 5505. However, I need to have a transparent firewall, no Natting and Server Web will have a public IP with relevant ports remains open.

  The simple illustration is the Internet---> firewall Transparent - Web Server (With public IP Address)

  1. There should be no natting

  2. the web server must have a public IP address and be accessible from the internet.

  3 ports can be blocked or re-opened.

  Please let me know if its possible to conclude this agreement.

  If so, can I get a command line sequence that allows this work.

  My version is

  Cisco Adaptive Security Appliance Software Version 4,0000 5

  Version 6.4 Device Manager (9)

  Thanks in advance

  Post edited by: Don Charles

  It is a minimum configuration for your needs (runs on ASA 5520).

  !
  transparent firewall
  !
  interface GigabitEthernet0
  Description - the Internet-
  nameif outside
  Bridge-Group 1
  security-level 0
  !
  !
  interface GigabitEthernet3
  Description - connected to the LAN-
  nameif inside
  Bridge-Group 1
  security-level 100
  !
  !

  interface BVI1

  Description - for management only-
  IP 10.1.10.1 255.255.255.0
  !

  !
  network of the WWW-SERVER-OBJ object
  Description - webserver-
  host 123.123.123.123

  !
  !
  WWW-SERVER-SERVICES-TCP-OBJ tcp service object-group
  Description - Serices published on the WEB server-
  port-object eq www
  EQ object of the https port
  !
  !
  OUTSIDE-IN-ACL scopes permitted tcp access list any object WWW-SERVER-OBJ object-group WWW-SERVER-SERVICES-TCP-OBJ
  !
  !
  Access-group OUTSIDE-IN-ACL in interface outside
  !

  Samuel Petrescu

• ASA 5505 IPA ALS with P2P VPN

  Hello support,

  I would like to just confirm that an ASA 5505 with two providers of Internet services on this subject, can build a P2P VPN off the coast of the backup ISP automatically once the main ISP goes down. It has only a single P2P VPN necessary, but if the main ISP goes down, and IP SLA detects failover, can the P2P VPn stand on the backup ISP?

  Hi Anthony,.

  Indeed, if the ISP main goes down the backup ISP will be used based on the configured IP SLA. Many customers have usually the SPLM in the primary and the secondary of a site. However, it is also supported.

  You can find information about the backup of a site here.

  Also a simple set up for the Site to site with backup here

  Please note and mark it as correct this Post!

  David Castro,

  Kind regards

• Issue of ASA 5505 VPN licenses

  I have three places that I want to connect via vpn site-to-site deployed on three ASA 5505. How is the term 'Peers' in the text of license, affecting my script? Each peer ASA in a solution from site to site, or each transmission of user data in the established tunnel also counted?

  Users, passing through the tunnel of site to another are not counted. Only the peers themselves.

• Need help! ASA 5505 not PPTP passthrough to the Server internal

  Hello:

  Recently, I add a new Cisco ASA 5505 like Firewall of the company network. I found that the PPTP authentication has not obtained through internal Microsoft Server. Any help and answer are appriciated.

  Please see my setup as below. Thank you!

  ASA Version 8.4 (3)
  !
  names of
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  switchport access vlan 2
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 172.29.8.254 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP 177.164.222.140 255.255.255.248
  !
  passive FTP mode
  clock timezone GMT 0
  DNS server-group DefaultDNS
  domain ABCtech.com
  permit same-security-traffic inter-interface
  network obj_any object
  172.29.8.0 subnet 255.255.255.0
  service object RDP
  source eq 3389 tcp service
  Orange network object
  Home 172.29.8.151
  network of the WAN_173_164_222_138 object
  Home 177.164.222.138
  SMTP service object
  tcp source eq smtp service
  service object PPTP
  tcp source eq pptp service
  service of the JT_WWW object
  tcp source eq www service
  service of the JT_HTTPS object
  tcp source eq https service
  network obj_lex object
  172.29.88.0 subnet 255.255.255.0
  network of offices of Lexington Description
  network obj_HQ object
  172.29.8.0 subnet 255.255.255.0
  guava network object
  Home 172.29.8.3
  service object L2TP
  Service udp source 1701 eq
  Standard access list VPN_Tunnel_User allow 172.29.8.0 255.255.255.0
  Standard access list VPN_Tunnel_User allow 172.29.88.0 255.255.255.0
  inside_access_in list extended access permit icmp any one
  inside_access_in tcp extended access list deny any any eq 135
  inside_access_in tcp extended access list refuse any eq 135 everything
  inside_access_in list extended access deny udp any what eq 135 everything
  inside_access_in list extended access deny udp any any eq 135
  inside_access_in tcp extended access list deny any any eq 1591
  inside_access_in tcp extended access list refuse any eq 1591 everything
  inside_access_in list extended access deny udp any eq which 1591 everything
  inside_access_in list extended access deny udp any any eq 1591
  inside_access_in tcp extended access list deny any any eq 1214
  inside_access_in tcp extended access list refuse any eq 1214 all
  inside_access_in list extended access deny udp any any eq 1214
  inside_access_in list extended access deny udp any what eq 1214 all
  inside_access_in of access allowed any ip an extended list
  inside_access_in list extended access permit tcp any any eq www
  inside_access_in list extended access permit tcp any eq www everything
  outside_access_in list extended access permit icmp any one
  outside_access_in list extended access permit tcp any host 177.164.222.138 eq 3389
  outside_access_in list extended access permit tcp any host 177.164.222.138 eq smtp
  outside_access_in list extended access permit tcp any host 177.164.222.138 eq pptp
  outside_access_in list extended access permit tcp any host 177.164.222.138 eq www
  outside_access_in list extended access permit tcp any host 177.164.222.138 eq https
  outside_access_in list extended access allowed grateful if any host 177.164.222.138
  outside_access_in list extended access permit udp any host 177.164.222.138 eq 1701
  outside_access_in of access allowed any ip an extended list
  inside_access_out list extended access permit icmp any one
  inside_access_out of access allowed any ip an extended list
  access extensive list ip 172.29.8.0 outside_cryptomap allow 255.255.255.0 172.29.88.0 255.255.255.0
  inside_in list extended access permit icmp any one
  inside_in of access allowed any ip an extended list
  inside_in list extended access udp allowed any any eq isakmp
  inside_in list extended access udp allowed any isakmp eq everything
  inside_in list extended access udp allowed a whole
  inside_in list extended access permitted tcp a whole
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  local pool ABC_HQVPN_DHCP 172.29.8.210 - 172.29.8.230 255.255.255.0 IP mask
  ICMP unreachable rate-limit 1 burst-size 1
  enable ASDM history
  ARP timeout 14400
  NAT static orange interface (inside, outside) source RDP RDP service
  NAT (inside, outside) source obj_HQ destination obj_HQ static static obj_lex obj_
  Lex-route search
  NAT guava Shared source (internal, external) WAN_173_164_222_138 service JT_WWW JT_WWW
  NAT guava Shared source (internal, external) WAN_173_164_222_138 service JT_HTTPS JT_HTTPS
  NAT guava Shared source (internal, external) WAN_173_164_222_138 service RDP RDP
  NAT guava Shared source (internal, external) WAN_173_164_222_138 SMTP SMTP service
  NAT guava Shared source (internal, external) WAN_173_164_222_138 PPTP PPTP service
  NAT guava Shared source (internal, external) WAN_173_164_222_138 service L2TP L2TP
  !
  network obj_any object
  NAT dynamic interface (indoor, outdoor)
  inside_in access to the interface inside group
  Access-group outside_access_in in interface outside
  Route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
  Route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
  Timeout xlate 03:00
  Pat-xlate timeout 0:00:30
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  AAA-server protocol nt guava
  AAA-server host 172.29.8.3 guava (inside)
  Timeout 15
  guava auth - NT domain controller
  identity of the user by default-domain LOCAL
  Enable http server
  http 172.29.8.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
  Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
  Crypto ipsec transform-set esp-3des esp-md5-hmac Remote_VPN_Set ikev1
  Crypto ipsec transform-set esp-3des esp-md5-hmac Remote_vpn_set ikev1
  Crypto ipsec ikev2 AES256 ipsec-proposal
  Protocol esp encryption aes-256
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES192
  Protocol esp encryption aes-192
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES
  Esp aes encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 proposal ipsec 3DES
  Esp 3des encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal OF
  encryption protocol esp
  Esp integrity sha - 1, md5 Protocol
  Crypto-map Dynamics 20 ikev1 transform-set Remote_VPN_Set set outside_dyn_map
  Crypto-map dynamic outside_dyn_map 20 the value reverse-road
  card crypto outside_map 1 match address outside_cryptomap
  peer set card crypto outside_map 1 173.190.123.138
  card crypto outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
  ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA'RE
  P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  outside_map card crypto 1 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
  map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
  outside_map interface card crypto outside
  IKEv2 crypto policy 1
  aes-256 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 10
  aes-192 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 20
  aes encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 30
  3des encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 40
  the Encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  Crypto ikev2 allow outside
  Crypto ikev1 allow outside
  IKEv1 crypto policy 1
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 43200
  IKEv1 crypto policy 10
  authentication crack
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 20
  authentication rsa - sig
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 30
  preshared authentication
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 40
  authentication crack
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 50
  authentication rsa - sig
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 60
  preshared authentication
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 70
  authentication crack
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 80
  authentication rsa - sig
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 90
  preshared authentication
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 100
  authentication crack
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 110
  authentication rsa - sig
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 120
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 130
  authentication crack
  the Encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 140
  authentication rsa - sig
  the Encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 150
  preshared authentication
  the Encryption
  sha hash
  Group 2
  life 86400
  Telnet 192.168.1.0 255.255.255.0 inside
  Telnet 172.29.8.0 255.255.255.0 inside
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0

  dhcpd auto_config off vpnclient-wins-override
  !
  dhcprelay Server 172.29.8.3 on the inside
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  allow outside
  internal ABCtech_VPN group strategy
  attributes of Group Policy ABCtech_VPN
  value of server DNS 172.29.8.3
  Ikev1 VPN-tunnel-Protocol
  Split-tunnel-policy tunnelspecified
  value of Split-tunnel-network-list VPN_Tunnel_User
  value by default-field ABCtech.local
  internal GroupPolicy_10.8.8.1 group strategy
  attributes of Group Policy GroupPolicy_10.8.8.1
  VPN-tunnel-Protocol ikev1, ikev2
  name of user who encrypted password eicyrfJBrqOaxQvS
  tunnel-group 10.8.8.1 type ipsec-l2l
  tunnel-group 10.8.8.1 General-attributes
  Group - default policy - GroupPolicy_10.8.8.1
  IPSec-attributes tunnel-group 10.8.8.1
  IKEv1 pre-shared-key *.
  remote control-IKEv2 pre-shared-key authentication *.
  remotely IKEv2 authentication certificate
  pre-shared-key authentication local IKEv2 *.
  tunnel-group ABCtech type remote access
  attributes global-tunnel-group ABCtech
  address ABC_HQVPN_DHCP pool
  authentication-server-group guava
  Group Policy - by default-ABCtech_VPN
  IPSec-attributes tunnel-group ABCtech
  IKEv1 pre-shared-key *.
  tunnel-group 173.190.123.138 type ipsec-l2l
  tunnel-group 173.190.123.138 General-attributes
  Group - default policy - GroupPolicy_10.8.8.1
  IPSec-attributes tunnel-group 173.190.123.138
  IKEv1 pre-shared-key *.
  remote control-IKEv2 pre-shared-key authentication *.
  remotely IKEv2 authentication certificate
  pre-shared-key authentication local IKEv2 *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  Policy-map global_policy
  class inspection_default
  inspect the pptp
  inspect the ftp
  inspect the netbios
  !
  172.29.8.3 SMTP server
  context of prompt hostname
  no remote anonymous reporting call
  Cryptochecksum:6a26676668b742900360f924b4bc80de
  : end

  Hello Wayne,

  The first thing I noticed

  In the ACL you are pointing to the broad public while it should be to the private sector (YOU HAVE A PERMIT IP ANY ANY to the end, so it's not bad. FYI, if you decide to take this one any allowed ip address then you should point to private servers ip addresses)

  Now, the policy where the PPTP inspection, etc., will be used is not applied to any service-policy so add:

  global service-policy global_policy

  Don't forget not just for a PPTP connection to get established we should see 2 things:

  -Trading is done on the TCP 1723 port and then traded on Appreciate data packets.

  Follow my blog for more information on this topic:

  http://laguiadelnetworking.com/2012/12/22/what-is-new-on-the-PPTP-inspection-on-the-ASA/

  Try and let me know

  Julio

• Need driver for HP Photosmart 100 work with Windows 7 64 bit

  Anyone know where you can get a printer driver for the HP Photosmart 100 printer? II'm under 64-bit Windows 7 and can't find a driver anywhere. I have the original disc, but it shows be good only as far as Windows XP (Service Pack 3). Any help would be appreciated.

  JDRomine

  Hi @JDRomine,

  By your post, I see that you need drivers for your Photosmart 100 printer. I can help you.

  I checked online, and unfortunately there is no driver available for Windows 7.

  But you could install a generic driver that should work.

  On the computer, go to start, devices and printers, select Add a printer.

  Follow the steps, select HP and Deskjet 9800, Deskjet 450 or the Deskjet 990, from the list. (even if you have a photosmart)

  Have a great day!
  Thank you.

• Impossible to disable Easy VPN remote for ASA 5505 6.4 AMPS

  When installing ASA 5505, we chose Easy VPN remote.  Now, we want to turn it off.  We go to Configuration in ASDM > remote access VPN > Easy VPN remote and try to clear the checkbox enable Easy VPN remote, but it will not uncheck.  How can we disable it?

  ASDM, go in tools--> command line Interface...--> and then enter 'without activating vpnclient'--> the button 'send '.

  Which will disable the Easy VPN remote on the SAA.

  Hope that helps.

• Try to customize login page for ASA 5505 SSL - VPN

  Nice day

  I'm looking for help to customize the login page for the ssl - vpn as mentioned. When the vpn is configured, the default template allows my customers to connect with this: IMAGE 1

  

  While trying to change the login page, I have to create a new customization without CLIENT SSL VPN ACCESS-> PORTAL-> CUSTOMIZATION file in the ASDM. When I do this and I'm trying to change the login page, it comes up with 2 forms of authentication and a fast internal password like this: IMAGE 2

  

  How can I change the login page, I created so that users only see the fields username and password for regular as the default template?

  Thank you all for your time and assistance

  Joel

  Hi Joel,

  What you see is just the preview, right?

  Preview displays the purpose of customization, since the password internal and the second authentication controls are the features that are activated in different parts of the configuration.

  WebVPN

  allow outside
  

  internal-password enable

  !

  attributes global-tunnel-group DefaultWEBVPNGroup
  

  secondary-authentication-server-group second_authentication_server

  
  

  INFO: This command applies only to the SSL VPN - Clientless and AnyConnect.
  

  So I recommend to assign this object of customization to a group policy and test access to the content of the specific connection profile.

  Thank you.

  Portu.

  Please note all useful posts

• ASA 5505 VPN Probs with IPhone 4

  Hi all

  my boss has a problem with the phone 4. When he is @Home he use his WLAN to download emails from the Exchange Server to the phone. It works without problem. When he's on the road he establish a VPN Tunnel but it cannot download, emails or something else. With the monitor of the ASDM, I see the connection, but no data flow when it use HSDPA, 3G, Edge or GPRS. Has anyone an idea to solve this problem?

  The ASA config:

  If the VPN works wirelessly, it should also work via GPRS, etc. This means that the configuration of the SAA is correct.

  Since iPhone Client VPN is not a Cisco VPN Client, but built Apple VPN Client, please contact Apple for more support on that.

  Here are the URL of Cisco, which said that for your reference:

  http://www.Cisco.com/en/us/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iPhone.html

  Hope this helps your new.

• need driver for dell 968 AIO XPS with Vista 32 bit

  The driver on the dell driver site does not work.  My dell printer installation disc does not get the driver to work.  Printer and driver are correctly all together towards the top. I have installed and reinstalled the 100s of times. \

  Help, please

  http://support.Dell.com/support/topics/global.aspx/support/DellCare/contact_us

  If you have installed the correct drivers and Dell's Producta and drivers do not work, contact Dell at the link for support with their products above.

  See you soon.

  Mick Murphy - Microsoft partner

• Need hardware for ASA HA

  Hi all, just out of curiosity. If I'm going to set up an active/passive failover with ASA primary contains module AIP and backup w/o AIP, will it work?

  In accordance with the requirements of failover, you must have the AIP module in the ASA high school also.

  Kind regards

  Maryse.

• User limit hits 50, but 5505 is certified with more security

  I have an ASA 5505 that gives me the error of usage limit, but I allowed it for more security.  My understanding is that licensed up to unlimited hosts inside?  I am not mistaken?  If this is not the case, how to recognize the unlimited hosts inside?

  Here is my result to see the Version:

  The devices allowed for this platform:
  The maximum physical Interfaces: 8
  VLAN: 20, unrestricted DMZ
  Internal hosts: 50
  Failover: Active / standby
  VPN - A: enabled
  VPN-3DES-AES: enabled
  SSL VPN peers: 2
  The VPN peers total: 25
  Two Internet service providers: enabled
  VLAN Trunk Ports: 8
  Sharing license: disabled
  AnyConnect for Mobile: disabled
  AnyConnect Cisco VPN phone: disabled
  AnyConnect Essentials: disabled
  Assessment of Advanced endpoint: disabled
  Proxy sessions for the UC phone: 2
  Total number of Sessions of Proxy UC: 2
  Botnet traffic filter: disabled

  This platform includes an ASA 5505 Security Plus license.

  Serial number: XXXXXXX
  Activation key running: 0 x
  Registry configuration is 0x1
  Configuration has not been changed since the last system restart

  Any thoughts appreciated.

  Thank you!

  On the 5505 Security Plus does not unlimited number of users. See the table here for a comparison of what offers basic vs Security Plus.

  The upgrade of 50 unlimited users on a 5505 requires the part number L-ASA5505-50-UL =

• Confused about licensing ASA 5505

  The ASA 5505 base license not limited somehow how 'inside' subnets you can have if they are configured on a layer 3 switch that is connected to the ASA5505? I know that I can configure only 3 VLAN on the ASA - but I don't think that it forbids me to use several VLANS on my switch...

  No it does not limit the number of subnets behind it. According to your user license it will limit the number of users can go through the firewall. A version see show how many users are you licensed it. Also make sure you have all routing in place in your ASA.