Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
3
Replies

PIX 501 10 user license question

pmacdanel
Level 1
Level 1

‎12-06-2005 11:25 AM - edited ‎02-21-2020 12:34 AM

Hello,

for the last week or so since we put in a pix 501 (6.3.4)with a 10 user license there has been at random times one PC (not always the same one) which cannot access the Internet on a LAN with 12 computers. The last time this happened I checked the PIX translations by doing a sh conn and it said 0 in use, 70 most used. There were 12 PC's in the ARP table, and I was able to restore access to for this PC by doing a clear xlate. Is this possibly a license issue, I know the conn table had 0 in use, but 1)how exactly does the PIX count this 10 user restriction?

2)Is there a specific syslog message that is generated when this count is exceeded?

3) I reduced the xlate timeout default to 30min and the conn timeout default to 20min, any other ideas on what could be happening?

-patrick

0 Helpful
3 Replies 3

nkhawaja
Cisco Employee
Cisco Employee

‎12-06-2005 02:40 PM

hi,

what were the number of xlat entries at that time.

you should issue "show xlat" not "show conn" for that.

yes there should be specific syslog generated

thanks

Nadeem

0 Helpful

pmacdanel
Level 1
Level 1
In response to nkhawaja

‎12-07-2005 09:08 AM

Hi Nadeem,

I don't know what the count of xlate's was during the time of the PC not being able to access, but this is what the current table looks like:

xxx# sh xlate

10 in use, 105 most used

PAT Global xxx(2829) Local 10.0.0.60(1082)

PAT Global xxx(2831) Local 10.0.0.60(1085)

PAT Global xxx(2830) Local 10.0.0.60(1084)

PAT Global xxx(1633) Local 10.0.0.2(1052)

PAT Global xxx(2833) Local 10.0.0.60(1088)

PAT Global xxx(2832) Local 10.0.0.60(1087)

PAT Global xxx(1635) Local 10.0.0.60(1083)

PAT Global xxx(1634) Local 10.0.0.60(1081)

PAT Global xxx(2834) Local 10.0.0.71(1174)

PAT Global xxx(1636) Local 10.0.0.60(1086)

I didn't see anything in syslog, however I'm only doing buffer logging, I may have missed it.It shows 10 in use, from 3 IP's. how does the PIX see this license wise?

Thanks for your help

-Patrick

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to pmacdanel

‎12-16-2005 03:40 PM

the license is based on IP addresses and not based on the number of connections from a single IP or number of xlat entries.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card