The PIX 501 Firewall with software version 6.x exceeds the license count, and connections are dropped


Wed, 07/22/2009 - 19:27
Jun 18th, 2009

Core issue

This issue occurs due to the presence of Cisco bug ID CSCec15510.

The problem occurs when traffic traversing the PIX Firewall is destined for hosts on the inside network that do not physically exist.


Resolution

As a workaround, perform either of these steps:


  • Upgrade the PIX software to version 6.3(3.138) or later.

  • Do not send traffic to the hosts that do not exist within the inside segment.

Note: A host is considered active if these two conditions are met:


  • The local-host object exists.

  • Established TCP connections with the local-host entry are also counted.