10-02-2007 09:36 AM - edited 02-21-2020 01:42 AM
I am receiving syslog message 450001 - licensed host limit was exceeded.
From show version on my ASA 5505 (8.0.2), inside hosts are limited to 10. The limit of 10 matches the syslog error limit (10) message.
How is this number of hosts calculated? Show arp indicates 6 addresses attached to the inside interface.
10-03-2007 06:02 AM
Hi,
Don't use "show arp", use "show local-host" instead.
Excerpt from http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/specs.pdf
In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view the host limits.
Regards,
Dandy
10-03-2007 06:24 AM
Thanks, good information.
From my ASA
ciscoasa# show local-host
Detected interface 'outside' as the Internet interface. Host limit applies to all other interfaces.
Current host count: 10, towards licensed host limit of: 10
Interface outside: 36 active, 707 maximum active, 7941 denied
Interface inside: 4 active, 10 maximum active, 17720 denied
I only have two interfaces (inside and outside). How can the inside active count be 4 but the current host count be 10? Is there a timeout on the current host count? Outside of using 'clear local-host', how does the host count decrease?
10-17-2007 06:21 AM
My original problem was that I was exceeding the local host license limit (10). After a TAC case, it was determined that bug ID CSCsk49506 was causing my trouble. I removed the 'same-security-traffic permit intra-interface' command. This solved my trouble. In my research, I believe the license count is calculated with the use of two syslog messages: 609001 (Built local-host) and 609002 (Teardown local-host).
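A sketch of the counting model the post above proposes, as an added example that is not part of the original thread and not Cisco's code: it replays 609001/609002 events from a syslog capture, skips hosts on the Internet interface, and reports the peak count alongside any 450001 denials. The sample lines are constructed, the limit of 3 only keeps the sample short, and the name `track_local_hosts` is hypothetical.

```python
import re

# Constructed sample capture (not from the thread). Limit of 3 keeps it short.
SAMPLE = [
    "%ASA-7-609001: Built local-host inside:192.168.1.10",
    "%ASA-7-609001: Built local-host outside:203.0.113.5",
    "%ASA-7-609001: Built local-host inside:192.168.1.11",
    "%ASA-7-609001: Built local-host inside:192.168.1.12",
    "%ASA-4-450001: Deny traffic for protocol 6 src inside:192.168.1.13/1025 "
    "dst outside:203.0.113.5/80, licensed host limit of 3 exceeded.",
    "%ASA-7-609002: Teardown local-host inside:192.168.1.10 duration 0:05:00",
    "%ASA-7-609001: Built local-host inside:192.168.1.13",
]

HOST_EVENT = re.compile(
    r"%ASA-\d-(609001|609002): (?:Built|Teardown) local-host ([^:\s]+):(\S+)")
LIMIT_EVENT = re.compile(r"%ASA-\d-450001:")

def track_local_hosts(lines, internet_if="outside", limit=10):
    """Replay local-host events; hypothetical helper, not an ASA or Cisco API.

    Assumes 'outside' is the Internet interface, as in the thread's output.
    """
    active, peak, denied, at_limit = set(), 0, 0, []
    for lineno, line in enumerate(lines, 1):
        if LIMIT_EVENT.search(line):
            denied += 1          # the ASA itself reported the limit was hit
            continue
        m = HOST_EVENT.search(line)
        if not m:
            continue
        msg_id, ifname, addr = m.groups()
        if ifname == internet_if:
            continue             # Internet-side hosts are not counted
        if msg_id == "609001":
            active.add((ifname, addr))
            if len(active) >= limit:
                at_limit.append(lineno)   # a Built event reached the limit
        else:
            active.discard((ifname, addr))
        peak = max(peak, len(active))
    return {"current": sorted(active), "peak": peak,
            "denied_450001": denied, "at_limit_lines": at_limit}

if __name__ == "__main__":
    print(track_local_hosts(SAMPLE, limit=3))
```

Hosts left in `current` with no matching 609002 are the ones still holding a license slot, which is the list to compare against `show local-host`.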
05-24-2013 09:13 AM
I also had the same issue with v8.4.6. An upgrade to v9.1.3 solved the issue. I also was not able to traverse the internal network after making a remote-access VPN connection using Cisco VPN Client.
I am not aware of a bug id for this issue, but moving off of v8.4.6 seemed to fix it right away.
10-23-2019 09:43 AM
We also just had the same issue with v8.4.6 after the ASA rebooted (although it worked with it before), and indeed an upgrade to v9.1.7 solved the issue in our case.