Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1772
Views
8
Helpful
4
Replies

ASA 5505 Host limit

Notonsite1
Beginner
Beginner

‎04-15-2014 02:54 PM - edited ‎03-11-2019 09:05 PM

Hey all,

 

I have an ASA with a 50 user limit. Below is the current "Sh local-host" output and I just wanted some clarification on what exactly some of it is. 

 

Detected interface 'outside' as the Internet interface. Host limit applies to all other interfaces.

Current host count: 43, towards licensed host limit of: 50------------------------Counts towards limit
Interface outside: 93 active, 239 maximum active, 1 denied--------------------Does not count
Interface inside: 45 active, 60 maximum active, 4061 denied------------------Does this count towards the limit?
 

 

 

Labels:
0 Helpful
4 Replies 4

Rudy Sanjoko
Enthusiast
Enthusiast

‎04-16-2014 01:05 AM

Here is an explanation about host limit on ASA5505, quoted from here:

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.

For a 10-user license, the max. DHCP clients is 32. For 50 users, the max. is 128. For unlimited users, the max. is 250, which is the max. for other models.

HTH,

Poonam Garg
Participant
Participant

‎04-16-2014 01:57 AM

For models with host limits, In routed mode, hosts on the inside (Work and Home zones) count towards the limit only when they communicate with the outside (Internet zone). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Work and Home are also not counted towards the limit.

The local host table is organized by ASA interface, and then by host IP address. For each
listed interface, a current connection count and the highest connection count seen since
the last reboot are listed, along with a count of any denied connection requests.

Interface inside: 45 active, 60 maximum active, 4061 denied-------------Not counted towards limit.

as the inside host can make connections to DMZ as well which will not count in host count but will increament count on interface inside..

 

HTH

"Please rate helpful posts"

Notonsite1
Beginner
Beginner
In response to Poonam Garg

‎04-16-2014 06:10 AM

Ok. Thanks guys!

0 Helpful

Rudy Sanjoko
Enthusiast
Enthusiast
In response to Notonsite1

‎04-16-2014 07:26 AM

appreciate if you can rate helpful posts and mark the post as answered.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents