PIX 7.0 failover

Unanswered Question
Jul 4th, 2007
User Badges:
  • Bronze, 100 points or more

Two Pix, running 7.0.

Primary is running UR active/active license, Secondary is running FO active/standby only license.

Both of box cann't talk to each other. and keep complain" remote unit license is different".

Is this caused by the active/standby onlt license on the secondary box ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vitripat Wed, 07/04/2007 - 01:48
User Badges:
  • Gold, 750 points or more

Hi ,


No, this wont be caused due to Primary running on UR-A/A and Secondary on FO-A/S. However, these firewalls can only be configured in Active/Standby failover setup and not Active/Active.


If you need to configure Active/Standby, and are still facing issues with licensing, please post the licensed features on both the devices.


Note: If you are trying to configure failover from ASDM HA Wizard, you might face this issue as there was a bug in ASDM. Alternate way is to configure failover manually via CLI or ASDM.


Hope this helps.


Regards,

Vibhor.

Anonymous (not verified) Wed, 07/04/2007 - 15:02
User Badges:

Actually, i didn't use ASDM to configure instead i use CLI.

Also i configured the peer with active/standby instead of active/active.

please find the following for the license output.

Primary


Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB


Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: Ext: Ethernet0 : media index 0: irq 10

1: Ext: Ethernet1 : media index 1: irq 11

2: Ext: GigabitEthernet0 : media index 0: irq 10

3: Ext: GigabitEthernet1 : media index 1: irq 5


Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited


This platform has an Unrestricted (UR) license.


(standby)


Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited


This platform has a Failover Only-Active/Standby (FO) license.


Serial Number: 810120139

Running Activation Key: xxx

vitripat Thu, 07/05/2007 - 07:32
User Badges:
  • Gold, 750 points or more

Thanks for the outputs. The difference is with "VPN-3DES-AES" license. Notice that this is disabled on Primary but enabled on Secondary PIX:


Primary-

VPN-3DES-AES : Disabled


Secondary-

VPN-3DES-AES : Enabled


This is a free license, all you need to do is fill up a form on following link and register your Primary PIX:


https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet


Once you get the activation-key, you may install it using the "activation-key" command from config mode.


Hope this helps.


Regards,

Vibhor.

Actions

This Discussion