Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1252
Views
0
Helpful
2
Replies

407001 Licence limit of 50 exceeded

d.arrow
Level 1
Level 1

‎07-24-2002 10:27 AM - edited ‎02-20-2020 10:10 PM

We own a Pix 501 Firewall (50 user licence). We don't physically own 50 computers and yet the Pix Firewall is reporting "407001 Licence limit of 50 exceeded" in the log file.

Most of our PC's have statically assigned IP addresses (false of habit!!), but I did also have DHCP active on the 501 for those 'rogue' laptops. Anyway, I turned off DHCP to see if that was causing the confusion. Alas, I'm still getting the problem.

Does anyone know what the 501 classes as _a_ user? Has anyone else experienced a similar problem?

Many thanks

Duncan

0 Helpful
2 Replies 2

edadios
Cisco Employee
Cisco Employee

‎07-24-2002 10:00 PM

This below is from documentation of the pix.

If the show local-host shows less than what is mentioned by the log, it could be a bug.

Regards,

%PIX-4-407001: Deny traffic for local-host interface:ip_addr, license limit of count exceeded

Explanation The host limit was exceeded. An inside host is counted toward the limit when one of the following conditions is true:

The inside host has forwarded traffic through the PIX Firewall within the last five minutes.

The inside host currently reserved an xlate connection or user authentication at the PIX Firewall.

Action The host limit is enforced on the low-end platforms. Use the show version command to view the host limit. Use the show local-host command to view the current active hosts and the inside users that have sessions at the PIX Firewall. To force disconnect one or more users, use the clear local-host command. To expire the inside users more quickly from the limit, set the xlate, connection, and uauth timeouts to the recommended values or lower.

0 Helpful

d.arrow
Level 1
Level 1
In response to edadios

‎07-25-2002 05:53 AM

Thanks

I have tried to read the manual before (as well as the Cisco support section on their website ) but I'm afraid for one reason or another I only understand about 1 in every 20 words!!

Anyway, I've done what you suggest and I've found a whole gaggle of IP addresses that have not been used for months or that aren't even in our IP range!! Very wierd.

I've cleared them and its freed up about 20 'slots'. Job done me thinks!

Once again, many thanks for your advice.

Cheers

Duncan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card