Cisco Support Community

PIX-501 10 user

PIX-501 with 10 user license.

How does the PIX track the sessions? MAC Address?

What is the timeout so next user can get in?

Is there a way to set the timeout for concurrent sessions?

Thanks,

Bob

2 REPLIES

Re: PIX-501 10 user

Hi.

As far as I know, the PIX uses either the "translation" or the "connection" table for that purpose (I'm not sure which one).

Each internal host that has a translation entry in the table is counted.

You can look at these tables from the pix CLI:

show xlate

show conn

A host that has more than 1 connection/translation is still counted as a single host.

External hosts do not count (no limit on external hosts count, only internal, this is obvious).

If you have more than 10 hosts in the internal network, it is recommended that hosts that do not need to access the Internet will not have a default gateway, and will not have a DNS server (unless you have an internal DNS server).

> Is there a way to set the timeout for concurrent sessions?

I'm not sure, but you can try to configure the "xlate" timeouts.

However, it is not so practical to manage a PIX-501 for a network with more than the licensed hosts, and you should expect problems with such a configuration.

The best way to avoid this is either to purchase the needed licenses, or not to configure a default gateway for hosts that do not need it.

Yizhar

Re: PIX-501 10 user

Bob,

the PIX uses the 'show local' table to count the user limit.

Kind Regards,

Tom
