Core issue
This issue occurs due to the presence of Cisco bug ID CSCec15510.
This problem happens when traffic traverses the PIX Firewall, destined for the hosts on the inside network that do not physically exist.
Resolution
As a workaround, perform either of these steps:
- Upgrade the PIX software to version 6.3(3.138) or later.
- Do not send traffic to the hosts that do not exist within the inside segment.
Note: A host is considered active if these two conditions are met:
- The local-host object exists.
- Established TCP connections with the local-host entry are also counted.