Solved: Overrun nodes license CSC-SSM-10 (100 nodes) ASA5520

alig.norbert · ‎12-02-2009

Hi all,

I got an ASA5520 with a CSC-SSM-10 (100 nodes) in use. There are about 200 host behind.

What happen, when the node license will be overrun. E.g. all 200 hosts are connecting through the firewall/contentfilter

at the same time?

Thanks,

Norbert

Kureli Sankar · ‎12-02-2009

You can issue "sh csc node-count" on the ASA CLI.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1362072

License upgrade notice Error Message license-upgrade-notice: Your daily node counts (daily_count) has
exceeded your licensed seats (seats) by offset. Please upgrade your license.
Example:
License-upgrade-notice: Your daily node counts (300) has exceeded your licensed seats (100) by 200. Please upgrade your license.
Explanation    This system log message is generated when CSC SSM detects more nodes connected to the CSC SSM than are specified in the current license. In addition to this message, a notification e-mail is sent to the administrator.
•    daily_count—The daily node count that has connected to the CSC SSM •    seats—The number of seats of the CSC SSM license •    offset—The daily count minus the number of seats
Recommended Action    Contact Cisco for a license upgrade.

You can read the above in the csc module admin guide here: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/cscbook.pdf

-KS

View solution in original post

Kureli Sankar · ‎12-02-2009

You can issue "sh csc node-count" on the ASA CLI.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1362072

License upgrade notice Error Message license-upgrade-notice: Your daily node counts (daily_count) has
exceeded your licensed seats (seats) by offset. Please upgrade your license.
Example:
License-upgrade-notice: Your daily node counts (300) has exceeded your licensed seats (100) by 200. Please upgrade your license.
Explanation    This system log message is generated when CSC SSM detects more nodes connected to the CSC SSM than are specified in the current license. In addition to this message, a notification e-mail is sent to the administrator.
•    daily_count—The daily node count that has connected to the CSC SSM •    seats—The number of seats of the CSC SSM license •    offset—The daily count minus the number of seats
Recommended Action    Contact Cisco for a license upgrade.

You can read the above in the csc module admin guide here: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/cscbook.pdf

-KS

alig.norbert · ‎12-03-2009

Those are concurrent license, aren't they?

Kureli Sankar · ‎12-03-2009

sh csc node-count - That is a dialy node count over a 24 hour period.

daily_count—The daily node count that has connected to the CSC SSM •

Check the CSC module sizing guide for concurrent connection limits:

http://cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html

-KS

misha.didebulidze · ‎02-15-2011

Hello,

What will happens with traffic from nodes that are overrun allowed license.

Will this traffic blocked, or just it will not be scaned by CSC module?

Thank you in advance.

with best regards,

D

puseth · ‎04-17-2012

Even after the license violation the traffic for all the users will be scanned by the module.

Despite the error message that you are seeing, the CSC will not drop connections due strictly to license violations. It is only a warning at this point. With a high number of nodes, it is likely that you are overwhelming the CSC processing capacity. If the users are overly aggressive in their connections, they can easily max out the capacity.

For the CSC SSM user license, 1 user = 1 IP address. The IP is counted by the ASA itself, not by the CSC.

Puneet