cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1250
Views
0
Helpful
3
Replies

Cisco Pix 501

bluechips23
Level 1
Level 1

Hello,

This is my first post here, so if I posted this question in a wrong thread, please let me know.

At my office, we have a Cisco Pix 501 router that has been working fine for last 3 years. But last couple weeks, the internet keeps getting disconnected. Over the last few years, we have expanded into more than 70 people (from 30), so obviously the network usage has increased.

I did many troubleshooting but I can't determine where the problem is. Every 20-30 minutes, the internet gets disconnected.

Here's the set up - The Router sits between the Time Warner optical fiber media converter and our switches. The switches connect to the different computers in the office. I attached the network diagram here (for simplicity, I showed only 3 Pcs, but there are about 50+ of them now)

Network Diagram.PNG

When internet gets disconnected, I can ping the gateway (the Cisco router), but I can't connect to the media converter. I called Time Warner and they did variety of testing to tell me that their media converter is working fine. As soon as I restart (or reload) the router, everything works fine - so if it were an issue with Time Warner's media converter, then rebooting or reloading the router wouldn't have worked as well.

I also did extensive virus scanning in our entire office network's computers using McAfee Enterprise as well as SpyBot - I couldn't find anything suspicious. Since I could ping from the computer to the router during the time when the internet is down, I believe there's nothing wrong in the set up of the intermediary switches or the computers themselves. And since rebooting or reloading the router always fixes this issue, I think this is an issue with the router. I haven't changed the configuration of the router at all for last 3 years. It has been working fine, but now suddenly it's acting up.

One thing I did notice when I did the "show version", is that the "Inside Hosts:" is set to "50". I have been reading different other configurations and I see that they all have "Inside Hosts" set to "unlimited". Surely enough, we have hired few more people last few weeks and the number of network devices have increased from less than 50 to more than 50. I wonder if that's the problem. If so, how do I change "Inside Hosts" from "50" to "unlimited"?

I have no idea what to do. We hired an IT consultant and Network Engineer to find a solution for this, but he also has been unsuccessful so far. Right now, we have no ideas or leads as to why this is happening.

Help!

1 Accepted Solution

Accepted Solutions

lgijssel
Level 9
Level 9

It looks as if your PIX has a license for 50 inside hosts. They could be licensed for 10 (silly), 50 or unlimited inside hosts.

When the licensed number is exceeded, connections are dropped, just like you describe.

This appears to occur at random but to my knowledge, the oldest entries are aged out.

No matter how this is done exactly, you now simply have too many users for your firewall device.

PIX501 is an end-of-sale box so you cannot get an upgrade license anymore.

Bottomline: you will need to buy an ASA instead.

Replacement product is the AS5505 but as your user population has increased, you may consider a 5510 as well.

regards,

Leo

View solution in original post

3 Replies 3

lgijssel
Level 9
Level 9

It looks as if your PIX has a license for 50 inside hosts. They could be licensed for 10 (silly), 50 or unlimited inside hosts.

When the licensed number is exceeded, connections are dropped, just like you describe.

This appears to occur at random but to my knowledge, the oldest entries are aged out.

No matter how this is done exactly, you now simply have too many users for your firewall device.

PIX501 is an end-of-sale box so you cannot get an upgrade license anymore.

Bottomline: you will need to buy an ASA instead.

Replacement product is the AS5505 but as your user population has increased, you may consider a 5510 as well.

regards,

Leo

That's what I was wondering.

Any estimate as to how much a AS5505 or AS5510 with unlimited licenses would cost?

Thanks for your reply.

List price for an ASA 5505 with unlimited users is $995.

The 5510 (and higher) series get a lot more complicated with modules and licenses that can be added. You're better off working with Cisco or a reseller who can advise you as to your configuration, but list prices are in the $4000 range.

Actual sale prices vary quite widely.

If you don't mind the old hardware and lack of support, you may be able to find a legitimate reseller who can sell you a Pix with unlimited users license as used equipment. You could then load your current configuration directly on that new hardware.

Review Cisco Networking for a $25 gift card