Re: ASA 5505 - possible inaccurate inside host count

btallon33 · ‎11-03-2010

I have a customer with an ASA5505 - base license and 50 user limit.

They have been hitting the limit and users are unable to get outbound through the ASA.

When I run SH local-host , I only see 21 local hosts listed on the inside interface but it claims there are 43 hosts active.

Am I missing something here?

Maykol Rojas · ‎11-03-2010

Hello,

Would you please do a "show resource usage"? And then do a show "local-host | inc local host:". Count the host over there (inside host) and check if they match with the resource usage.

Thanks!

Mike

btallon33 · ‎11-03-2010

Inside Interface still lists 43 active hosts. I only see 21.

ASA# sh res usa
Resource              Current
Telnet                      1
Syslogs [rate]             46
Conns                     118
Xlates                    136
Hosts                    1411
Conns [rate]               31
Inspects [rate]            14

ASA# show local-host | inc loc
local host: <166.137.136.131>,
local host: <72.167.232.56>,
local host: <100.0.0.43>,
local host: <166.137.137.37>,
local host: <66.45.29.125>,
local host: <100.0.0.145>,
local host: <67.217.249.13>,
local host: <64.4.44.91>,
local host: <100.0.0.120>,
local host: <174.252.209.33>,
local host: <82.94.255.100>,
local host: <99.164.109.255>,
local host: <100.0.0.137>,
local host: <100.0.0.108>,
local host: <207.58.203.199>,
local host: <216.23.162.18>,
local host: <207.58.203.196>,
local host: <12.168.79.242>,
local host: <184.205.65.167>,
local host: <166.137.137.110>,
local host: <64.94.18.201>,
local host: <100.0.0.231>,
local host: <64.62.195.166>,
local host: <100.0.0.127>,
local host: <100.0.0.103>,
local host: <166.137.137.165>,
local host: <207.58.203.194>,
local host: <166.137.138.45>,
local host: <166.137.136.155>,
local host: <166.137.138.137>,
local host: <64.94.18.129>,
local host: <174.252.210.172>,
local host: <100.0.0.226>,
local host: <208.111.170.60>,
local host: <100.0.0.171>,
local host: <74.125.93.109>,
local host: <74.125.47.188>,
local host: <100.0.0.21>,
local host: <64.94.18.161>,
local host: <17.149.37.13>,
local host: <166.137.139.199>,
local host: <100.0.0.3>,
local host: <166.137.136.72>,
local host: <64.94.18.205>,
local host: <100.0.0.119>,
local host: <192.168.0.58>,
local host: <192.168.0.71>,
local host: <192.168.0.6>,
local host: <192.168.0.168>,
local host: <192.168.0.56>,
local host: <192.168.0.69>,
local host: <192.168.0.43>,
local host: <192.168.0.12>,
local host: <192.168.0.10>,
local host: <192.168.0.66>,
local host: <192.168.0.33>,
local host: <192.168.0.64>,
local host: <192.168.0.75>,
local host: <192.168.0.221>,
local host: <192.168.0.167>,
local host: <192.168.0.169>,
local host: <192.168.0.15>,
local host: <192.168.0.54>,
local host: <192.168.0.171>,
local host: <192.168.0.170>,
SOLON-ASA#

btallon33 · ‎11-04-2010

Last night I ran "Clear Xlate" and "Clear Local-hosts All" and then checked "sh local". At that time the Current Host Count was 14 and the number of IPs listed in the output matched.

I just checked again this morning and the host count is now listed as 24 but I still only see 14 IPs listed.

Any advice is appreciated, I am going to open a case with Cisco and I report back any findings.

Thanks.