I believe Karsten is right -

rolinger1 · ‎12-23-2015

Hello all,

I have been using a PIX 501 running 6.3(5) as my home gateway router for years. Over the last year or so I have had intermittent problems with users getting access to the internet...mainly when guests come to the house. And in the last month the problem worsened dramatically. Finally rolled up my sleeves to go figure out why this is happening only to finally "remember" this is a 10 User limit license problem.

Just off the top of my head I count 12 devices that are routinely trying to access the internet...already 2 over the limit and thats before any guests come to the house. So as you can see, its a constant problem and getting worse and worse the more devices connect to my home network.

Cisco says the PIX 501 is EOL/EOS as of July 2013 and thus won't really talk to me about getting another license.

Is there ANYTHING I can do to get a 50 user license? I mean, this is for my home network and I love the PIX...its been a rock solid work horse for at least 10 years now. I really don't want to part with it because of user license limitation for a product they don't even support anymore. If they won't support it can't they just give away the 50 user licenses?

Ugh! I really do hope someone here has a solution...I really don't want to go get another device.

Please help me keep my beloved PIX.

PS: Worst case scenario is I use other wifi routers to act as a wifi domain gateway setting its WAN IP to that of the Primary PIX so that all wifi connections come through the main PIX as a single IP address. But I really want to avoid "routing" on my home network as that will introduce additional issues (particularly for devices trying to auto-discover each other if they are on different subnets). But I really prefer not to have to go this route if at possible.

rolinger1 · ‎12-23-2015

After additional research I am starting to think the 50 user upgrade requires another physical device. Is this true? Is the 10 user to 50 user upgrade a software upgrade/setting...or is it changing out to another physical device?

Karsten Iwen · ‎12-24-2015

If I remember right, it was a license that was needed. But you can't buy the license anymore.

But: The days of the PIX are over. You are using a device for security that hasn't seen any security-fixes for many years. These devices shouldn't be connected to the internet any more.

You could look at ebay for a used 5505 with 50 user license. Well also this device is old, but at least there are versions with 50 users and there are still bugfixes available. And as they are now often replaced against 5506-X, they should be quite cheap on ebay. If you go that way, make sure you get one with 512 MB RAM.

Marvin Rhoads · ‎12-24-2015

I believe Karsten is right - it was a license (activation-key). Those are tied to the device serial number and can only be generated by Cisco using their licensing tool.

I'd have asked Santa for a shiny new ASA 5506-X. That way you can have real security with the FirePOWER Services module looking deep into the traffic to protect against 2015-era threats instead of the basic security that the Pix is doing - i.e blind to most of the modern threat spectrum.

Even if you go with a used ASA 5505 you will still have limited protection from current generation threats and be limited in the fact that no new functionality is being developed for it. It is better than a Pix though.

Help...Pix 501 10-user license limit.