license to route
OK, I'm back and I'm going to try not to let my blog rot, like almost EVERYONE else's I know...
Recently I've had an awful pain in my side, and it turned out to be a pointy Cisco license restriction.
It started with sporadic trouble at the client as they began to use their VPNs more heavily. They had purchased a Cisco ASA 5505 to use as their VPN router, on my recommendation, and everything had been fine until we added another IPSEC tunnel and had more people accessing the remote sites. After some experimentation, we found the magic number to be 10 users, after which no one else could connect to anything across the VPNs.
Whoa... that sounds just like the "user" limit on this device! I hate user limits. Artificial restrictions on the capability of some hardware tend to piss me off. But I digress... This user limit restriction was a complete surprise because although we purchased a "10 user" ASA, I had talked to two different Cisco reps before the purchase to clarify the meaning of this and had been assured that this "user" limit did not pertain to users/IPs connecting over the IPSEC tunnels, and we didn't care about anything else as this device is strictly a VPN-gateway--they already have a m0n0wall in use as their primary internet gateway router.
So, Cisco screwed up. Fortunately I am a digital pack-rat and could produce a year-old email proving that the rep told me that the "user" limit meant 10 IPSEC tunnels with no limit on number of users. The truth is that there were two limits: 10 tunnels AND 10 users/IPs. Unfortunately, it took about two and a half weeks of dealing with assorted Cisco people to finally get a resolution, in the form of a free unlimited user license upgrade.
The outcome is satisfactory, but it really pisses me off that I had to waste so much time troubleshooting and getting it resolved after I tried hard to avoid this very problem by contacting them before buying. Furthermore, based on my conversations with half a dozen Cisco employees I can say that most of them didn't really understand the licensing terms of their own product, which is pretty sad. How am I supposed to understand if they don't? The less clear the license terms, the more likely that someone is going to get surprised by some restriction at the worst possible moment, and then swear off ever buying that brand again.

