66-17
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter66 Setting General VPN Parameters
Configuring VPN Session Limits
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 250 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
hostname#
To limit AnyConnect VPN sessions (either IPsec/IKEv1 or SSL) to a lower value than the ASA allows,
use the vpn-sessiondb max-anyconnect-premium-or-essentials-limit command in global
configuration mode. To remove the session limit, use the no version of this command.
For example, if the ASA license allows 500 SSL VPN sessions, and you want to limit the number of
AnyConnect VPN sessions to 250, enter the following command:
hostname(config)# vpn-sessiondb max-anyconnect-premium-or-essentials-limit 250
hostname(config)#
To remove the session limit, use the no version of this command:
hostname(config)# no vpn-sessiondb max-anyconnect-premium-or-essentials-limit 250
hostname(config)#
To limit Cisco VPN client (IPsecIKEv1), Lan-to-Lan VPN, and clientless SSL VPN sessions to a lower
value than the ASA allows, enter the vpn-sessiondbmax-other-vpn-limit command in global
configuration mode:
For example, if the ASA license allows 750 IPsec sessions, and you want to limit the number of IPsec
sessions to 500, enter the following command:
hostname(config)# vpn-sessiondb max-other-vpn-limit 500
hostname(config)#
To remove the session limit, use the no version of this command:
hostname(config)# no vpn-sessiondb max-other-vpn-limit 500
hostname(config)#
For a complete description of the features available with each license, see the document Managing
Feature Licenses for Cisco ASA 5500 Version 8.4 at this URL:
http://www.cisco.com/en/US/docs/security/asa/asa84/license_standalone/license_management/
license.html