Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
669
Views
4
Helpful
5
Replies

PIX 515e 6.3 to 7.0 Failover disable

bws
Level 1
Level 1

‎04-12-2007 04:08 AM - edited ‎03-11-2019 02:59 AM

hi,

i was running a failover set of pix515e version 6.3(4). I upgraded my device to 7.1 and now i failover is disabled. I get the asdm syslog messages:

(Primary) Disabling failover

(Primary) Mate license (VPN-3DES-AES Enabled) is not compatible with my license(VPN-3DES-AES Disabled)

pls comments

Labels:
0 Helpful
5 Replies 5

mark.hodge
Level 1
Level 1

‎04-12-2007 07:20 AM

Check the software on both devices "show ver" and ensure that the encryption level is the same on both. I would suspect the primary device hasn't been upgraded.

If it is upgrade ASDM on both, I have had issues where the compatability checks gave incorect errors.

0 Helpful

bws
Level 1
Level 1
In response to mark.hodge

‎04-13-2007 02:59 AM

hi Mark,

i've turned off failover box still getting the error. pls find attached file of show version and show run.

regs,

21773-fw.log
0 Helpful

mark.hodge
Level 1
Level 1
In response to bws

‎04-17-2007 10:32 AM

Adil,

from your "sh ver" I see

VPN-3DES-AES : Disabled

I would strongly suspect it is Enabled on the other device.

You will need a CCO ID, but you can register for a free upgrade, assuming you are in a country where shuch encryption is legal.

This link might work

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

If not

www.cisco.com->login

Software Downloads->Cisco Secure Software

PIX Security Appliance Software

*FREE* Reguister for PIX DES or 3DES/AES IPsec software feature keys

You don't have a PAK so "click here for available licenses"

Under Security Products select the licence you want, and then fill in all the paperwork.

You will need to enter the new license and then reboot, which will cause an interupt to service as you have turned off the secondary device. Once the reboot has completed turn the secondary back on and all should be well.

bws
Level 1
Level 1
In response to mark.hodge

‎04-17-2007 08:40 PM

Hi,

you are right, but can you tell me how can i disable 3des encryption on the other device so that i've same settings on both device. i want to do like this becasue my device has 64 mb of ram and 3des requires 128mb ram.

thanks

0 Helpful

mark.hodge
Level 1
Level 1
In response to bws

‎04-18-2007 03:15 AM

Never done it, but you should be able to request a DES license for the secondary in the same way.

I don't have a device handy to check, but I am 99% sure that you can have a 3DES license on a 64 MB device, the only requirement for 128 MB is Version 7 software.

*please rate previous posts if they are/were helpfull*

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card