Pix License - UR changed to FO after 3DES/AES upgrade

Unanswered Question

The Pix525 had FO enabled in A/A mode with an UR license when I bought it. It is not meant for FO setup and I want to use 3DES for VPN. The activation-key process went fine except for saying about Failover being different. After the reboot the box is showing "This platform has a Failover Only-Active/Standby (FO) license". Is this normal? does it mean I have to live without 3DES?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.

the following is the show ver after the upgrade:

Cisco PIX Security Appliance Software Version 8.0(4)

Device Manager Version 5.2(2)

Compiled on Thu 07-Aug-08 19:42 by builders

System image file is "flash:/pix804.bin"

Config file at boot was "startup-config"

pixfirewall up 11 hours 13 mins

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash E28F400B5T @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: Ext: Ethernet0 : address is 0002.b945.a7db, irq 10

1: Ext: Ethernet1 : address is 0002.b945.a7dc, irq 11

2: Ext: Ethernet2 : address is 00e0.b602.7949, irq 11

3: Ext: Ethernet3 : address is 00e0.b602.7948, irq 10

4: Ext: Ethernet4 : address is 00e0.b602.7947, irq 9

5: Ext: Ethernet5 : address is 00e0.b602.7946, irq 5

<--- More --->

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Failover Only-Active/Standby (FO) license.

Serial Number: 480480115

Running Activation Key: 0xfc134f51 0x2010325f 0xf0c03580 0xb7887034 0x8e33d38a

Configuration last modified by enable_15 at 04:13:23.128 UTC Fri Aug 29 2008

this is the Licensed features for this platform before the upgrade:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.

Even the Failover changed from Active/Active to Active/Standby. Isnt it weird?

Out of curiosity I tried turn on failover and the screen says it is a standby license and will reload every 24 hours.

cisco24x7 Fri, 08/29/2008 - 10:51

I did run into the exact situation like yours

a couple years ago. When I upgraded the Pix

535 from 6.x to 7.x, the feature goes from UR

to FO. I had to open a Cisco TAC case for this

and it took them a while to figure it out.

I don't know if you notice this but with

version 7.x on the Pix, for some Pix firewalls,

you will see a 4 tuple keys while on other

pix firewalls, you will 5 tuple keys. Very

strange.

Actions

This Discussion