We have a 10 user license PIX 501

I was informed that the 10 user license is only for VPN tunnels, which will suit us fine. But could you confirm that the 10 user licence WILL actually restrict a max of 10 (non-vpn) outbound connections to the internet?

If you confirm, I'll upgrade.

Thanks!!!

Chris

No, it is my understanding that 10 vpn tunnels (increased from 5 in the 6.3 code) is a limit for the entire 501 platform, regardless of user license - this is probably a good idea because the 501 is only a 5x86 133mhz cpu = no much horsepower for doing lots and lots of tunnels.

User license limitations restrict how many IP addresses from behind the pix make connections outbound - 10 active network devices = 10 users.

Interesting point...what if you are not using the PIX501 as eg DHCP server and just as a gateway..the pix won't know how many clients there are on the LAN and will forward internet traffic regardless?

Steve

Not quite. Any traffic that is going through the PIX out to the Internet will count against a license, even if your not using the PIX as the DHCP server.

This is because the PIX has to build an xlate for the Internal host to external port or IP (NAT/PAT). When it does this, it keeps track of how many connections is has stored.

You could have more computers than the number of licenses on the Internal network, just as long as they don't all need Internet access at the same time.

-Joshua