With a 10- or 50-user license, the PIX stops allowing new connections to the Internet once the license limit is reached.
The workaround is to issue the clear local-host command, which clears the licenses and allows new connections.
Possible solutions are discussed below.
Check Network Address Translation (NAT) configurations to be sure you are not running out of global addresses. If you do not have Port Address Translation (PAT) configured, you could try configuring PAT so that the PIX will use the PAT address for further translations when the global addresses in the NAT pool run out.
A PAT example is shown below.
global (outside) interface
Check how many users are making connections through the PIX. If the number of connections exceeds your license, then you will need to upgrade to a 50-user license or upgrade to another platform.
The example below shows how to see how many local-hosts you have.
show local-host
local host: <_10.1.1.15>, conn(s)/limit = 2/0, embryonic(s)/limit = 0/0
    Xlate(s):
        PAT Global 22.214.171.124(1024) Local 10.1.1.15(516)
        PAT Global 126.96.36.199(0) Local 10.1.1.15 ICMP id 340
        PAT Global 188.8.131.52(1024) Local 10.1.1.15(1028)
    Conn(s):
        TCP out 184.108.40.206:23 in 10.1.1.15:1026 idle 0:00:25 Bytes 1774 flags UIO
        UDP out 220.127.116.11:31649 in 10.1.1.15:1028 idle 0:00:17 flags D-
local host: <_10.1.1.17>, conn(s)/limit = 2/0, embryonic(s)/limit = 0/0
    Xlate(s):
        PAT Global 18.104.22.168(1025) Local 10.1.1.17(516)
        PAT Global 22.214.171.124(0) Local 10.1.1.17 ICMP id 340
        PAT Global 126.96.36.199(1025) Local 10.1.1.17(1028)
    Conn(s):
        TCP out 188.8.131.52:23 in 10.1.1.17:1027 idle 0:00:25 Bytes 1774 flags UIO
        UDP out 184.108.40.206:31649 in 10.1.1.17:1029 idle 0:00:17 flags D-
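To turn a saved show local-host capture into a license check, the following added example (not from the original page or from Cisco) counts the local-host entries and compares them with the license size. It assumes each local-host entry counts as one licensed user; the function names, the sample text and the addresses in it are constructed for illustration.

```python
import re

# Constructed sample in the layout of the show local-host output above;
# every address and counter here is made up for illustration.
SAMPLE = """\
local host: <10.1.1.15>, conn(s)/limit = 2/0, embryonic(s)/limit = 0/0
    Xlate(s):
        PAT Global 192.0.2.1(1024) Local 10.1.1.15(516)
    Conn(s):
        TCP out 198.51.100.7:23 in 10.1.1.15:1026 idle 0:00:25 Bytes 1774 flags UIO
        UDP out 198.51.100.9:31649 in 10.1.1.15:1028 idle 0:00:17 flags D-
local host: <10.1.1.17>, conn(s)/limit = 1/0, embryonic(s)/limit = 0/0
    Conn(s):
        TCP out 198.51.100.7:23 in 10.1.1.17:1027 idle 0:12:05 Bytes 90 flags UIO
local host: <10.1.1.23>, conn(s)/limit = 0/0, embryonic(s)/limit = 0/0
    Xlate(s):
        PAT Global 192.0.2.1(1026) Local 10.1.1.23(516)
"""

# "<_?" tolerates the stray underscore seen in the capture on this page.
HOST_RE = re.compile(r"local host:\s*<_?([\d.]+)>,\s*conn\(s\)/limit\s*=\s*(\d+)/(\d+)")
CONN_RE = re.compile(r"\b(?:TCP|UDP) out \S+ in \S+ idle (\d+):(\d+):(\d+)")

def parse_local_hosts(text):
    """Return {local_ip: {"conns": n, "idle": [seconds per connection]}}."""
    hosts = {}
    # re.split keeps the three captured groups, so the list is
    # [preamble, ip, conns, limit, body, ip, conns, limit, body, ...].
    # Splitting on headers also copes with output flattened onto one line.
    parts = HOST_RE.split(text)
    for i in range(1, len(parts), 4):
        ip, conns, _limit, body = parts[i:i + 4]
        idle = [int(h) * 3600 + int(m) * 60 + int(s)
                for h, m, s in CONN_RE.findall(body)]
        hosts[ip] = {"conns": int(conns), "idle": idle}
    return hosts

def license_report(text, licensed_hosts):
    """Compare local-host entries with the license size (assumed 1 entry = 1 user)."""
    hosts = parse_local_hosts(text)
    return {
        "used": len(hosts),
        "free": licensed_hosts - len(hosts),
        "at_limit": len(hosts) >= licensed_hosts,
        # Entries with no connections still occupy a slot under this assumption.
        "no_conn_hosts": sorted(ip for ip, h in hosts.items() if h["conns"] == 0),
    }

if __name__ == "__main__":
    print(license_report(SAMPLE, licensed_hosts=10))
```
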
If the above solutions do not work, then you may be running into Bug ID CSCdw25026. This bug is fixed in 6.1(4) code.