As far as I know, the pix uses either the "translation" or the "connection" table for that purpose (I'm not sure which one).
Each internal host that has a translation entry in the table, is counted.
You can look at these tables from the pix CLI:
A host that has more then 1 connection/translation, is still counted as a single host.
External hosts do not count (no limit on external hosts count, only internal, this is obvious).
If you have more then 10 hosts in the internal network, it is recommended that hosts that do not need to access the Internet, will not have a default gateway, and will not have a DNS server (unless you have an internal DNS server).
> Is there a way to set the timeout for concurrent sessions?
I'm not sure, but you can try to configure the "xlate" timeouts.
However it is not so practical to manage a pix-501 for a network with more then the licensed hosts, and you should expect problems with such configuration.
The best way to avoid this is either to purchase the needed licenses, or not to configure default gateway for hosts that do not need it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...