Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1531
Views
0
Helpful
5
Replies

Cisco ASA 5505 host license count?

m1xed0s
Spotlight
Spotlight

‎05-27-2014 05:16 AM - edited ‎03-11-2019 09:14 PM

Hi,

I have a ASA 5505 with base 50-user license deployed for a 15 people branch office. But recently ASA started to block internal host since license reached MAX 50.

I did show local-host on ASA and then manually filtered output in spreadsheet and there are only about 20 individual internal IP addresses.

According to Cisco,

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.

 

So individual internal IP address will be counted against license on ASA, right? Then where are the other 30 hosts? The ASA is running 8.2(5).

 

Thanks,

/S

Labels:
0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎05-27-2014 05:31 AM

Are you using hairpinning?  If so, you might be running into this bug: https://tools.cisco.com/bugsearch/bug/CSCsk49506

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

m1xed0s
Spotlight
Spotlight
In response to Marius Gunnerud

‎05-27-2014 06:06 AM

Thanks, We do not have the hairpinning setup for the branch...plus the defect is on 8.0 code and we are running 8.2(5).

 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to m1xed0s

‎05-27-2014 06:17 AM

The 8.0 code only means that is the code that it has been reported in...doesn't necessarily mean that it is not found in the 8.2 code...but since you are not doing hairpinning this bug doesn't relate to your issue anyway.

Do your users connect their mobile phones and Tabs to the network as well?  How many printers, servers, and any other none user devices connect to the network?

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

m1xed0s
Spotlight
Spotlight
In response to Marius Gunnerud

‎05-27-2014 06:33 AM

Not many phone/tablets...

Digged deeper and manually filter again with output from show local brief connection, it shows about pretty much all the IP from DHCP pool are there... Either the ASA is crazy or there is a device exhausting dhcp pool internally, I think...

0 Helpful

Marius Gunnerud
VIP
VIP
In response to m1xed0s

‎05-27-2014 06:48 AM

Is it the ASA that is the DHCP server?  If so, issue the show dhcp binding

If not have a look on the DHCP server and see if a single host is taking up the IPs.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card