xlates on pix 501

[fs483]

I recently had to upgrade one of my Pix 501 because new users couldn't access the net and discovered that 10 user license limit on the base model. Are the xlates determined by the mac addresses connected to the inside interface ? Most print servers ask if you want to enter a default gateway, if I enter the address of my Pix, will the print server use up one license ? How about remote users from the Internet that connect to a server behind the pix ? Do they take up a license or will only the server take one license ?

 

[AJ1982]

My opinion is 10 is the concurrent connections/users THROUGH the firewall.

So if you STOP your PSERVERS from going out, then you save a lic.

Works for me

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA, CCAI

 

[fs483]

I'll have to do some tests on my Pix to see if remote users (either VPN or TS) also count as a concurrent user. I highly doubt remote users count because the pix doesn't do filtering at that level...

If I don't enter the default gateway to the Pix from my print server I suppose it won't use a license. However when the print server does a broadcast, I wonder if the Pix picks up that another device exists on the lan an automatically allocate a license to it.

 

[308win]

If I'm not mistaken a clear xlate releases the license count, so a license gets allocated only when a user/device accesses the internet. A broadcast will not eat a license and vpn users will not either.

?

 

[fs483]

True a clear xlates DOES clear the license allocated but it will also destroy any active connections...

 

[tm7wood]

What makes an entry go away? I have a pix that keeps entries in the show local-host that are no longer on the network. These entries are eating up my user licenses.

 

[fs483]

You can reduce the timeout before old xlate records are flushed. I don't remember the command, I'm sure you'll find it in this forum though.

 

[NetworkDOC]

do a cl local-host this will clear those entries.