Cisco PIX Licenses Used Up

[AJ1982]

Hello,

When a connection is made through the firewall, this uses a PIX license.

Is there anyway to reduce the time before the license is released back into the wild so to speak. We are running a weird environment with 15 students and 10 licenses.

Thanks

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)

 

[BuckWeet]

reduce the tcp/udp connection timers, that should help..


BuckWeet

 

[chicocouk]

Don't think it will. As far as I know, the only way to release use of a licence is to reboot the PIX.

I believe it logs the mac addresses, once ten are logged no others are let through till it's rebooted.

If anyone knows differently, i'd be interested to hear ...

 

[AJ1982]

I turned down some timeout xlate figures and the licenses release after one minute, sorted.

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)

 

[themut]

BuckWeet is right reducing the timeout conn and timeout udp should release the local-host entry some time later after it times out.

The PIX 501 uses the local-host entries to count the user license. The local-host entry times out about 30 seconds after all xlate entries have timed out for a host. If the connection hasn't timed out it keeps the xlate timer alive.

If you modify the timeout conn and timeout udp make sure the xlate time out is greater than them.
Hope it makes sense...

 

[AJ1982]

Thanks, Ive taken the xlate and conn down to about 1 minute each. Ill check the udp as well, thanks for the information.

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)

 

[chicocouk]

Good to know, we come up against this problem every now and then with some of our smaller customers. I was under the impression a reboot was required. Cheers.