I try to understand how exactly this limit is working.
this is the spec: "The Cisco PIX 501 10-user license supports up to 10 concurrent source IP addresses from your internal network to traverse through the Cisco PIX 501"
if I have more than 10 internal hosts, how does it work, how does it count a host and for how long would it keep it when idle?
also, I wonder if the internal IP address on PIX count as one of the 10 addresses
A local-host connection on the PIX is a combination of an XLATE (translation) and a CONN (connection).
The PIX-501 with 10-user limit, will allow 10 local-hosts from the inside to the outside.
You can check this with the command: sh local-host
If the inside IP of the PIX, gets translated to the outside and create a local-host, then it will count as 1 user.
If you attempt to pass an 11-user it will not be able to pass through the PIX.
How long will the PIX keeps up the table?
Depends on the timeouts for the XLATE and CONN
Check: sh time