PIX failover

Lavanholy · ‎10-15-2008

I have two PIX firewall(6.3) configured in failover (LAN failover)mode,now I want to disable the failover and willing to use the PIX firewalls in stand alone mode at two different site.

Is it possible?How to do that?I hope by simply disabling the LAN failover we can use the PIX firewall in stand alone mode Is in it?

Thanks and Regards,

S.Venkataraman

m.sir · ‎10-15-2008

It depends what license is on you failover unit , you can check it with

show version

If its failover you cannot use it as standalone.. you need upgrade it to restricted or to unrestricted license

M.

Hope that helps rate if it does

Lavanholy · ‎10-16-2008

Dear M.Sir,

One of the firewall is having 100 user license and the other one is Fail Over license.How I can use both firewall as the stand alone firewall.What is the procedure?

Please guide me.

Thanks and Regards,

S.Venkataraman.

m.sir · ‎10-16-2008

You need buy at least restricted license after you receive activation key

check this

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00806b1c0f.shtml

M.

Lavanholy · ‎10-16-2008

Hi M.Sir,

The following is the Active Firewall.

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

MRFHOFIRE up 1 day 22 hours

Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: ethernet0: address is 0017.9514.8726, irq 10

1: ethernet1: address is 0017.9514.8727, irq 11

2: ethernet2: address is 000d.8811.d8d0, irq 11

3: ethernet3: address is 000d.8811.d8d1, irq 10

4: ethernet4: address is 000d.8811.d8d2, irq 9

5: ethernet5: address is 000d.8811.d8d3, irq 5

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Physical Interfaces: 6

<--- More --->

Maximum Interfaces: 10

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Running Activation Key: 0x08837644 0x7deb2bea 0xfd77c81c 0xda67cef7

Configuration last modified by enable_15 at 17:19:56.818 IST Tue Oct 14 2008

The the following is the Fail Over firewall.

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pixfirewall up 46 mins 27 secs

Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: ethernet0: address is 0017.9514.8728, irq 10

1: ethernet1: address is 0017.9514.8729, irq 11

2: ethernet2: address is 000d.8811.cec4, irq 11

3: ethernet3: address is 000d.8811.cec5, irq 10

4: ethernet4: address is 000d.8811.cec6, irq 9

5: ethernet5: address is 000d.8811.cec7, irq 5

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Physical Interfaces: 6

Maximum Interfaces: 10

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Failover Only (FO) license.

Running Activation Key: 0xa0b73dbd 0xe6f0009e 0xacc43ad4 0x269ec60c

Configuration last modified by enable_15 at 12:07:08.309 UTC Mon Oct 13 2008

I need to buy license for both firewall or only for the Fail Over firewall.

Please help me.

Thanks and Regards,

S.Venkataraman.