Here’s a lesson we learned the hard way. We have a remote site that has a PIX 501 installed using VPN to connect back to our main site to a PIX 506. It worked great for about a month and then we began having problems.
For some reason random computers behind the PIX 501 would stop communicating to the internet. We beat our heads against the wall, went to the remote site and just couldn’t get it figured out. We would reboot the PIX and things seemed to start working only to randomly quit hours later. For some strange reason checking the log on the PIX had slipped my mind. When I did finally type ‘show log’. The light came on and the angels sang ‘Halleluiah’. Hidden between the ‘Built inbound TCP connection…’ and ‘Teardown TCP connection…’ lines was the magic info that we desperately needed. ‘host blocked…license limit exceeded.’ As soon as I saw that I realized what was going on. The PIX 501 has a 10 user limit. My thought on it was that the limit was on 10 VPN connections either outbound or inbound. The limit is actually 10 hosts communicating through the PIX. So, we called our favorite hardware and software vendor overnighted a license upgrade to increase the limit from 10 to 50. We’ve gone a full day with no phone calls so far! Kind of a wierd problem and something we should have picked up on on earlier but, that’s the way things go in the tech world sometimes!