cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
341
Views
0
Helpful
4
Replies

PIX 7.0 failover

admin_2
Level 3
Level 3

Two Pix, running 7.0.

Primary is running UR active/active license, Secondary is running FO active/standby only license.

Both of box cann't talk to each other. and keep complain" remote unit license is different".

Is this caused by the active/standby onlt license on the secondary box ?

4 Replies 4

vitripat
Level 7
Level 7

Hi ,

No, this wont be caused due to Primary running on UR-A/A and Secondary on FO-A/S. However, these firewalls can only be configured in Active/Standby failover setup and not Active/Active.

If you need to configure Active/Standby, and are still facing issues with licensing, please post the licensed features on both the devices.

Note: If you are trying to configure failover from ASDM HA Wizard, you might face this issue as there was a bug in ASDM. Alternate way is to configure failover manually via CLI or ASDM.

Hope this helps.

Regards,

Vibhor.

Not applicable

Actually, i didn't use ASDM to configure instead i use CLI.

Also i configured the peer with active/standby instead of active/active.

please find the following for the license output.

Primary

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: Ext: Ethernet0 : media index 0: irq 10

1: Ext: Ethernet1 : media index 1: irq 11

2: Ext: GigabitEthernet0 : media index 0: irq 10

3: Ext: GigabitEthernet1 : media index 1: irq 5

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.

(standby)

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Failover Only-Active/Standby (FO) license.

Serial Number: 810120139

Running Activation Key: xxx

Thanks for the outputs. The difference is with "VPN-3DES-AES" license. Notice that this is disabled on Primary but enabled on Secondary PIX:

Primary-

VPN-3DES-AES : Disabled

Secondary-

VPN-3DES-AES : Enabled

This is a free license, all you need to do is fill up a form on following link and register your Primary PIX:

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet

Once you get the activation-key, you may install it using the "activation-key" command from config mode.

Hope this helps.

Regards,

Vibhor.

zulqurnain
Level 3
Level 3

yes

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: