01-27-2003 02:22 AM - edited 02-20-2020 10:31 PM
hello,
My customer has a PIX 501 with a 10-user licence. He has fewer than 10 internal IP addresses, but they each open several TCP sessions through the FW, and we can see a lot of denies on the PIX.
So is the number 10 a limit for the internal IP addresses, or for the number of TCP sessions established at the same time?
Thanks for your answer.
01-27-2003 03:06 AM
Vallies-
The PIX 501 10-user licence is based on the number of concurrent IP sources. Basically, you can have more than 10 users but not more than 10 users accessing the firewall at one given time. The limit of the DHCP is 32 leases, and you can purchase a 50-user license which expands DHCP to 128 leases. The TCP sessions are limited by the software version; I don't know the exact number, but it is safe to say a very high number.
There is a limit of 5 VPN peer connections at one given time. If the PIX is not allowing a connection, it could be for many reasons, but a few I can think of are as follows:
EXCEED 5 VPN PEER CONNECTIONS AT THE SAME TIME
FIXUP COMMAND NOT SPECIFIED FOR A GIVEN PROTOCOL
I hope this helps you troubleshoot the issue.
Sincerely-
Mark English
01-29-2003 06:47 AM
My experience is different. The inside network has about 20 users. The PIX locks up quite regularly with an 'out of license' message. When I check the xlates, only 7 are most used. When I verify the MAC table, I see more nodes, but clearing this table doesn't solve the problem. Only a reload of the PIX will clear this, and the first 10 are able to connect through the PIX again.
Anyone else with useful info on this topic?
Regards,
Marcel