Solved

PIX 515e license - failover setup problem

Posted on 2006-10-31
3
2,073 Views
Last Modified: 2007-12-19
Hi,
Is there a way to enable DES license on PIX 515e without disabling existing licenses?

We have two PIX 515e one UR, the other is failover. When I tried to setup failover pix I noticed following message on active pix:

"Mate's license (VPN-DES Enabled) is not compatible with my license (VPN-DES Disabled). Failover will be disabled."

Then I did show ver on both pixes:

------------------------------------

Active PIX:

Cisco PIX Security Appliance Software Version 7.0(2)
Device Manager Version 5.0(2)
Compiled on Fri 15-Jul-05 22:55 by builders
System image file is "flash:/pix702.bin"
Config file at boot was "startup-config"

Pix515E up 19 hours 1 min

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
 0: Ext: Ethernet0           : address is 0016.46c6.cb42, irq 10
 1: Ext: Ethernet1           : address is 0016.46c6.cb43, irq 11
 2: Ext: Ethernet2           : address is 0005.5d18.2cf2, irq 11
 3: Ext: Ethernet3           : address is 0005.5d18.2ac5, irq 10
 4: Ext: Ethernet4           : address is 0005.5d18.267c, irq 9
 5: Ext: Ethernet5           : address is 0005.5d18.28ff, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6    
Maximum VLANs               : 25      
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Disabled  
VPN-3DES-AES                : Enabled  
Cut-through Proxy           : Enabled  
Guards                      : Enabled  
URL Filtering               : Enabled  
Security Contexts           : 2        
GTP/GPRS                    : Disabled  
VPN Peers                   : Unlimited  

This platform has an Unrestricted (UR) license.

-----------------------------------------------------------

Standby PIX:

Cisco PIX Security Appliance Software Version 7.0(4)
Device Manager Version 5.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "flash:/image"
Config file at boot was "startup-config"

pixfirewall up 23 mins 50 secs

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
 0: Ext: Ethernet0           : address is 0016.c8d1.83b1, irq 10
 1: Ext: Ethernet1           : address is 0016.c8d1.83b2, irq 11
 2: Ext: Ethernet2           : address is 000d.8811.7eec, irq 11
 3: Ext: Ethernet3           : address is 000d.8811.7eed, irq 10
 4: Ext: Ethernet4           : address is 000d.8811.7eee, irq 9
 5: Ext: Ethernet5           : address is 000d.8811.7eef, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Standby
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has a Failover Only-Active/Standby (FO) license.

-------------------

I received activation key from Cisco but based on licenses they listed in e-mail I was not sure it would be a smart idea to activate this key since it could possibly disable some of the existing licenses. These licenses were listed in message I got from Cisco:

Failover                    : Enabled  
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
FO                          : Disabled  
FO-AA                       : Disabled  
Security Contexts           : 2        
GTP/GPRS                    : Disabled  

Is there a way to enable DES license or make PIXes work in active/standby failover mode without changing licenses for active PIX?

Thanks

P.S. I noticed that OS versions are not 100% same: 7.0(2)  and 7.0(4). Is this an issue for active/standby layout?
0
Comment
Question by:milan_novkovic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17847058
Active and failover absolutely must have same version 100%
The only way to change the enabled/disabled is by activating the new key. By all means, go ahead and load the key that Cisco sent you.
0
 

Author Comment

by:milan_novkovic
ID: 17849026
I managed to activate licence key which had DES and 3DES/AES licences which solved the issue of DES licence being disabled.

Btw, failover is working correctly though PIX OS versions are 7.0(2)  and 7.0(4). I tried switching off and on first the main pix then the failover one and everything worked ok. Guess 7.0(2)  and 7.0(4) versions are not that different to prevent failover from working.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17849086
I still highly advise getting the same version on both.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Site to Site VPN DNS issue 6 41
Cisco ASA 5510 Question 2 33
DNS issue. Can't add a server to a domain 23 207
3Com 4500G doesn't keep IP configuration 4 15
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question