66-16

Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter66 Setting General VPN Parameters
Configuring VPN Session Limits

The following example shows 100 SSL sessions (active only) and a 2 percent SSL load. These numbers

do not include the inactive sessions. In other words, inactive sessions do not count towards the load for

load balancing.

hostname# show vpn load-balancing
Status : enabled
Role : Master
Failover : Active
Encryption : enabled
Cluster IP : 192.168.1.100
Peers : 1
Load %
Sessions
Public IP Role Pri Model IPsec SSL IPsec SSL
192.168.1.9 Master 7 ASA-5540 4 2 216 100
192.168.1.19 Backup 9 ASA-5520 0000
Configuring VPN Session Limits

You can run as many IPsec and SSL VPN sessions as your platform and ASA license supports. To view

the licensing information including maximum sessions for your ASA, enter the show version command

in global configuration mode. The following example shows the command and the licensing information

from the output of this command:

hostname(config)# show version
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
Compiled on Sun 02-Jan-11 03:45 by builders
System image file is "disk0:/cdisk.bin"
Config file at boot was "startup-config"
asa4 up 9 days 3 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPsec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 001e.f75e.8b84, irq 9
1: Ext: Ethernet0/1 : address is 001e.f75e.8b85, irq 9
2: Ext: Ethernet0/2 : address is 001e.f75e.8b86, irq 9
3: Ext: Ethernet0/3 : address is 001e.f75e.8b87, irq 9
4: Ext: Management0/0 : address is 001e.f75e.8b83, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual