Solved

PIX Boot Error ERROR: Command requires failover license

Posted on 2006-06-14
11
1,391 Views
Last Modified: 2013-11-16
when the PIX 525 boots I see this error, here is the config. How do I remove these errors? I don't see what might be causing them
Partial config below

ftp mode passive
pager lines 24
mtu outside 1500
mtu www 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu inside 1500
ERROR: Command requires failover license
ERROR: Command requires failover license
asdm image flash:/asdm
asdm location 192.168.6.0 255.255.255.0 inside
asdm history enable
arp timeout 14400

0
Comment
Question by:questfar
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 9

Expert Comment

by:stressedout2004
Comment Utility
Under configuration mode, run this command:

no failover
wr mem

Then try to reboot it and see if the error goes away.
0
 

Author Comment

by:questfar
Comment Utility
I receive

command requires failover license

this a restricted bundle with no failover, upgraded the OS from the factory 6.3 to 7.04
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
Comment Utility
I would suggest that you copy the config to a PC, you need a tftp server, edit the file and remove offending commands and then copy the file back.

0
 
LVL 9

Expert Comment

by:stressedout2004
Comment Utility
Can you run the command "show running-config all failover" and post the output.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
It's legacy leftover stuff from the 6.x upgrade config.
It is nothing to worry about and should go away after you save the config in 7. format (just save what you have) and reboot.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 5

Expert Comment

by:renill
Comment Utility
post the full configuration
** sanitise the nessacary ****
i believe you had gone for connecting a failover  cable or tried failover in a restricted license.

renill
0
 
LVL 5

Expert Comment

by:renill
Comment Utility
failover license wont come with upgrading your ios.
this comes as a different bundle.

One of the failover units must have an Unrestricted license (UR), while the other can have a Failover (FO) or UR license. Restricted units cannot be used for failover and two units with FO licenses cannot be used in a single failover pair. The PIX 515, PIX 515E, PIX 525, and PIX 535 can be used for failover if you have the optional Unrestricted (UR) license.
Neither PIX 501 or PIX 506/506E units can be used for failover, either as the primary or secondary unit.

Pls go through this document..Might help you out
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html


renill
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
lrmoore is correct.  Once you save the config the messages should go away.
0
 

Author Comment

by:questfar
Comment Utility
giltrjr's suggestion to remove the lines was the only way to resolve this, I tried the save but they were always there.

I copied the config back after removing the lines and then issued a copy file startup-config, reloaded and errors gone.

Thanks
0
 

Author Comment

by:questfar
Comment Utility
Well, here's another wrinkle. The error is back. It seems that when I launch ASDM and make any changes and save the file back, something in ASDM is causing those errors. When I launched ASDM and it loaded the config into the interface, the only thing I changed was the domain name. I saved the back to the PIX and then issued a sh config and the errors were back. I think I'll contact CISCO on this.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Can you hear me scratching my head?  Somewhere, obviously, ASDM thinks you want to run in failover mode.  We don't use ASDM to configure our firewalls and we are UR/FO so can't help you much more.  Hopefully Cisco can help.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco C3750X Switch 19 72
Configuring EIGRP with neighbor command 25 39
Cisco vlan question 12 36
Cisco ASA5508-X vs Barracuda X200 2 18
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now