Pix License - UR changed to FO after 3DES/AES upgrade

Unanswered Question

The Pix525 had FO enabled in A/A mode with an UR license when I bought it. It is not meant for FO setup and I want to use 3DES for VPN. The activation-key process went fine except for saying about Failover being different. After the reboot the box is showing "This platform has a Failover Only-Active/Standby (FO) license". Is this normal? Does it mean I have to live without 3DES?


The following is the show ver after the upgrade:

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(2)

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
Config file at boot was "startup-config"

pixfirewall up 11 hours 13 mins

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash E28F400B5T @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : address is 0002.b945.a7db, irq 10
1: Ext: Ethernet1 : address is 0002.b945.a7dc, irq 11
2: Ext: Ethernet2 : address is 00e0.b602.7949, irq 11
3: Ext: Ethernet3 : address is 00e0.b602.7948, irq 10
4: Ext: Ethernet4 : address is 00e0.b602.7947, irq 9
5: Ext: Ethernet5 : address is 00e0.b602.7946, irq 5
<--- More --->
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited

This platform has a Failover Only-Active/Standby (FO) license.

Serial Number: 480480115
Running Activation Key: 0xfc134f51 0x2010325f 0xf0c03580 0xb7887034 0x8e33d38a
Configuration last modified by enable_15 at 04:13:23.128 UTC Fri Aug 29 2008


These are the licensed features for this platform before the upgrade:

Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.

Even the Failover changed from Active/Active to Active/Standby. Isn't it weird?

Out of curiosity I tried turning on failover and the screen says it is a standby license and will reload every 24 hours.

cisco24x7 Fri, 08/29/2008 - 10:51

I did run into the exact situation like yours a couple years ago. When I upgraded the Pix 535 from 6.x to 7.x, the feature goes from UR to FO. I had to open a Cisco TAC case for this and it took them a while to figure it out.

I don't know if you notice this but with version 7.x on the Pix, for some Pix firewalls, you will see 4-tuple keys while on other Pix firewalls, you will see 5-tuple keys. Very strange.
