Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
0
Helpful
4
Replies

licensing for a 501 pix

ptiedemann
Level 1
Level 1

‎10-14-2003 01:05 PM - edited ‎02-20-2020 11:02 PM

My sales rep is telling me that there is an unrestricted user upgrade for a cisco pix 501 but according to the following cisco link there doesn't appear to any such beast. Is there another link someone could send me to clarify this a little bit.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html

0 Helpful
4 Replies 4

mostiguy
Level 6
Level 6

‎10-14-2003 01:20 PM

There is, it is the newest license edition to the 501 family. If you are looking at unlimted license though, also price out a 506e. A 506e has a lot more horsepower, and might be worth the extra bucks

0 Helpful

bcturner
Level 1
Level 1
In response to mostiguy

‎10-15-2003 01:37 PM

I've got a similar question about liscensing on the Pix 501. If a person was to put an ACL inbound on the inside interface, would the dropped connections count towards the 10 total IP addresses? I know this is a silly way to use the Pix, but I'm being asked to research this.

0 Helpful

jlebaron
Level 1
Level 1
In response to bcturner

‎10-15-2003 03:43 PM

From what i understand, no, not unless they actually make a 'connection'. If they are not making a connection, then that does not count.

The downside to the 501, is that once it has 10 different hosts that have made a connection, you are maxed out. Even if one of the hosts drops a connection, it does not become available to someone else until you reset the pix. The connection is limited to that address only.

0 Helpful

scoclayton
Level 7
Level 7
In response to jlebaron

‎10-15-2003 07:51 PM

A minor clarification here. The PIX actually counts the local host entries to determine the max number of users. If you deny the packets from hosts before it hits the PIX, then you are fine. The PIX will remove these local hosts (sh local-host) when the xlates and conns are torn down. In most cases, these will be removed if the conns are torn down normally. Even if this does not happen, there are timeouts on the PIX that will delete the xlates and conns should the idle time be reached. Hope this helps clarify a little...

Scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card