Detected interface 'outside' as the Internet interface. Host limit applies to all other interfaces.
Current host count: 10, towards licensed host limit of: 10
Interface outside: 36 active, 707 maximum active, 7941 denied
Interface inside: 4 active, 10 maximum active, 17720 denied
I only have two interfaces (inside and outside). How can the inside active count be 4 but the current host count be 10? Is there a timeout on the current host count? Outside of using 'clear local-host', how does the host count decrease?
My original problem was that I was exceeding the local host license limit (10). After a TAC case, it was determined that bug ID CSCsk49506 was causing my trouble. I removed the 'same-security-traffic permit intra-interface' command. This solved my trouble. In my research, I believe the license count is calculated with the use of two syslog messages: 609001 (Built local-host) and 609002 (Teardown local-host).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...