07-04-2007 12:46 AM - edited 03-11-2019 03:39 AM
Two Pix, running 7.0.
Primary is running UR active/active license, Secondary is running FO active/standby only license.
Both of box cann't talk to each other. and keep complain" remote unit license is different".
Is this caused by the active/standby onlt license on the secondary box ?
07-04-2007 01:48 AM
Hi ,
No, this wont be caused due to Primary running on UR-A/A and Secondary on FO-A/S. However, these firewalls can only be configured in Active/Standby failover setup and not Active/Active.
If you need to configure Active/Standby, and are still facing issues with licensing, please post the licensed features on both the devices.
Note: If you are trying to configure failover from ASDM HA Wizard, you might face this issue as there was a bug in ASDM. Alternate way is to configure failover manually via CLI or ASDM.
Hope this helps.
Regards,
Vibhor.
07-04-2007 03:02 PM
Actually, i didn't use ASDM to configure instead i use CLI.
Also i configured the peer with active/standby instead of active/active.
please find the following for the license output.
Primary
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 11
2: Ext: GigabitEthernet0 : media index 0: irq 10
3: Ext: GigabitEthernet1 : media index 1: irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
(standby)
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Failover Only-Active/Standby (FO) license.
Serial Number: 810120139
Running Activation Key: xxx
07-05-2007 07:32 AM
Thanks for the outputs. The difference is with "VPN-3DES-AES" license. Notice that this is disabled on Primary but enabled on Secondary PIX:
Primary-
VPN-3DES-AES : Disabled
Secondary-
VPN-3DES-AES : Enabled
This is a free license, all you need to do is fill up a form on following link and register your Primary PIX:
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet
Once you get the activation-key, you may install it using the "activation-key" command from config mode.
Hope this helps.
Regards,
Vibhor.
07-04-2007 02:01 AM
yes
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: