Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User Licensing PIX 501--I'm confused about meaning...

Status
Not open for further replies.
JMCraig

JMCraig

Programmer
Feb 20, 2002
217
0
0
US
Hi Folks,

I bought the PIX 501 w/ 10 user licenses on the advice of the folks who run the colocation facility in which I put my client's gear. Well, I interpreted 10-users as referring to hosts protected by the firewall (not incoming connections). So then I get the docs and it says (p. 9 of Quick Start Guide booklet) what it considers a "host" and now I'm not sure. Here's the text from the booklet:

Active Host Limitation
The PIX 501 supports up to 32 DHCP address leases with a 10-user license, up to 128 with an optional 50-user license, and 256 with an unlimited license. A host is considered active when any of the following statements are true:
[ul]
[li]The host has passed traffic through the PIX Firewall in the last 30 seconds.[/li]
[li]The host has an established NAT/PAT translation through the PIX firewall.[/li]
[li]The host has an established TCP connection or UDP session through the PIX firewall.[/li]
[li]The host has an established user authentication through the PIX firewall.[/li]
[/ul]
Click to expand...

OK, so we're talking about DHCP limitations and NAT/PAT. Clearly those issues refer only to boxes behind the firewall, not on the WAN side, right? So does the whole question have to do with boxes talking to the switch ports, not coming in from the WAN port? But hosts from outside also "pass traffic through the PIX Firewall" and, at least in my application, "have established TCP connections" (more than a hundred of these isn't uncommon). Since it's allowing this number of outside connections to come in, does that mean I'm in the clear?

So, can someone shed some light on this? And, in particular, is there any way to see how many "hosts" the PIX thinks are in operation at the moment?

Thanks for any input. I'm just going to see what other docs I can discover in the Cisco labrinth, I mean site....


John Craig
Alpha-G Consulting, LLC
 
Sort by date Sort by votes
Ha! Finally ran it down. This extremely clear statement is from the PIX 501 Datasheet on the website (emphasis added):

10-User License
The Cisco PIX 501 10-user license supports up to 10 concurrent source IP addresses from your internal network to traverse through the Cisco PIX 501. The integrated DHCP server supports up to 32 DHCP leases. As your needs grow, both 50 user and unlimited user upgrade licenses are available, allowing you to extend your investment in Cisco PIX 501 equipment.
Click to expand...

Thanks to any who looked!

John Craig
Alpha-G Consulting, LLC
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
34
xwray
xwray
GeorgeAlba
  • Locked
  • Question
What do you think about this proxy
Replies
0
Views
53
GeorgeAlba
GeorgeAlba
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
167
Shmid
Shmid
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
42
brownmab53
brownmab53
Modem80
  • Locked
  • Question
Novice SonicOS user, need routing help
Replies
2
Views
47
Modem80
Modem80

Part and Inventory Search

Sponsor

Back
Top