Pix 501 VPN License Issue - Not freeing License

Discussion in 'Cisco' started by Jens Haase, Jan 29, 2004.

  1. Jens Haase

    Jens Haase Guest

    Hi,
    I have a Pix 501 with 50 User License.
    There are 10 VPN Peers allowed.
    Users are dialing in using the Cisco VPN Client and Internet Dialup
    Connections with dynamic IP.
    After a couple of weeks the PIX does not allow any connections anymore and
    says, that the maximum number of VPN peers has been reached.
    I assume it has to do with the users not terminating their VPN connection
    properly and just terminating the Internet access.
    Is there a way to free those connections besides booting the pix?
     
    Jens Haase, Jan 29, 2004
    #1
    1. Advertisements

  2. :I have a Pix 501 with 50 User License.
    :There are 10 VPN Peers allowed.
    :Users are dialing in using the Cisco VPN Client and Internet Dialup
    :Connections with dynamic IP.
    :After a couple of weeks the PIX does not allow any connections anymore and
    :says, that the maximum number of VPN peers has been reached.
    :I assume it has to do with the users not terminating their VPN connection
    :properly and just terminating the Internet access.

    Are you using IPSec? If so then perhaps you should shorten the
    lifetime so that the PIX drops the connections itself.

    :Is there a way to free those connections besides booting the pix?

    clear ipsec sa

    As I recall, there is also a variant way to clear a specific SA.

    Also, which PIX version are you using? 6.2(2) and previous had
    a bug in timing out xlates that could potentially lead to what
    you are seeing.
     
    Walter Roberson, Jan 29, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.