Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5505 Host limit

Hey all,

 

I have an ASA with a 50 user limit. Below is the current "Sh local-host" output and I just wanted some clarification on what exactly some of it is. 

 

Detected interface 'outside' as the Internet interface. Host limit applies to all other interfaces.

Current host count: 43, towards licensed host limit of: 50------------------------Counts towards limit
Interface outside: 93 active, 239 maximum active, 1 denied--------------------Does not count
Interface inside: 45 active, 60 maximum active, 4061 denied------------------Does this count towards the limit?
 

 

 

Everyone's tags (1)
4 REPLIES

Here is an explanation about

Here is an explanation about host limit on ASA5505, quoted from here:

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.

For a 10-user license, the max. DHCP clients is 32. For 50 users, the max. is 128. For unlimited users, the max. is 250, which is the max. for other models.

HTH,

Silver

For models with host limits,

For models with host limits, In routed mode, hosts on the inside (Work and Home zones) count towards the limit only when they communicate with the outside (Internet zone). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Work and Home are also not counted towards the limit.

The local host table is organized by ASA interface, and then by host IP address. For each
listed interface, a current connection count and the highest connection count seen since
the last reboot are listed, along with a count of any denied connection requests.

Interface inside: 45 active, 60 maximum active, 4061 denied-------------Not counted towards limit.

as the inside host can make connections to DMZ as well which will not count in host count but will increament count on interface inside..

 

HTH

"Please rate helpful posts"

New Member

Ok. Thanks guys!

Ok. Thanks guys!

appreciate if you can rate

appreciate if you can rate helpful posts and mark the post as answered.

624
Views
8
Helpful
4
Replies
CreatePlease to create content