RE: PIX denying connection due to license limits...

["Noonan, Wesley" <Wesley_Noonan () bmc com>]

I understand how it works. What I am saying is that the addresses that it is
showing as being connected, don't exist. Nothing is, and nothing has ever
had that address. This is not a case of "something was at that address, but
isn't any more". Nothing has ever used that address. That is what I am
trying to figure out. How is the PIX winding up with these "ghost"
connections...

Thanks.

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com


> -----Original Message-----
> From: Doug Sax [mailto:dsax () syseng com]
> Sent: Wednesday, February 05, 2003 06:19
> To: Noonan, Wesley; firewall-wizards () honor icsalabs com
> Subject: RE: [fw-wiz] PIX denying connection due to license limits...
>
> On Tuesday, February 04, 2003 W. Noonan Said:
>
> > a PIX 501 running PIXOS 6.2(2) is denying outbound connections because
> the license limit has been reached. Upon running "Show local-host" there
> are 6
> > addresses listed that nothing is actually using.
>
> A PIX will keep the MAC addresses of previously connected systems in
> memory until you reboot it. If you reach the license limit, no
> additional systems will be allowed access through it. It doesn't care
> that a system previously connected is no longer connected or even up.
> Resetting the PIX will clear the memory and at that point it's first
> come first served regarding connected systems and access. If you have
> less than 10 systems using the 501 as a gateway and you're still having
> problems, look for other devices like Jet Direct print servers etc. and
> remove the gateway statement.
>
> Douglas Sax MCSE, CCNA, CCDA, GSEC
> Systems Engineering, Inc
> 207.772.3199
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards