05-10-2003 09:10 PM - edited 02-20-2020 10:44 PM
One of our customer has pix 501 with 10 license, in sh ver command inside host is 10 and throughput is limited. They had only 5 users, now they have increased to 20 users.
Randomly some times, for some users internet does not work and then starts working after sometime.
Does it have something to do with licenses, do I have to upgrade to 50 licenses.
Thanks,
Sayeed Alhajri.
05-10-2003 10:29 PM
Hi Sayeed,
If you have 10-User License, it supports up to ten concurrent source IP addresses from your internal network to traverse through the PIX 501. The integrated DHCP server supports up to 32 DHCP leases.
So, it is clear from above lines is that if the there are more than 10 people accessing the internet through the PIX 501 firewall will be dropped. To increase no of simultaneous connections I suggest you to buy license. Here you need to take a call, if you feel that 10 or less than that access Internet simultaneously, no need of purchasing licenses.
If you need more information, let me know.
Thank you.
Murthy.
05-14-2003 01:02 AM
I have the same problem but with a PIX 515. What is the possible cause ?
05-14-2003 05:31 AM
It is the limit by CISCO.
05-14-2003 09:21 AM
I don't understand what is the meaning of "Limit by CISCO"
05-20-2003 07:02 PM
it just means - you are getting what you paid for...
if you need more users to go to the Internet (make 'outside' connections), then you have to upgrade the number of users' license...
sometimes even when the 10th person (the previous example) is trying to make an outside connection, he may not succeed..this is because the current xlate sessions have not timed out..
if that 10th person is your boss, you can do a 'clear xlate' to clear all current connections and start new connections...
hope this helps
best regards / Sampath.
07-15-2003 05:38 AM
The best option would be to upgrade your license to 50 users. The only other option would be to reduce your connection timeout to allow the PIX to clear idle connections quicker, but you would still be bound to the 10 ip connections, so your problems will not go away entirely.
02-06-2004 03:12 PM
You can setup your xlate & connection timeouts to a minimum - doing so will enable efficient use of your licensing as it will clear multiple connections from a single user that are idle more frequently. You might have to buy additional licensing in future if everybody is using multiple external connections.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide