PIX515E with FO license: Crypto key gone once pix rebooted

Sep 29th, 2010

Hi, I'm facing a problem with my PIX515E with FO license. Each time my firewall reboots, my crypto key for SSH is gone, hence I'm unable to use SSH as my remote access method. Is it part of the PIX515E FO license limitation? I'd appreciate it if someone can give me an answer. Thanks.

Jennifer Halim (Cisco Employee) Wed, 09/29/2010 - 22:09

What version is your PIX firewall?

If it's version 6.3 and earlier: "ca save all" on the failover PIX, as that will save the key.

If it's version 7.0 and later: "wr mem" on the failover PIX, as that will save the key.


Hope that helps.

edmand.hon Wed, 09/29/2010 - 22:27

It is PIX version 8.0(4)

I generated the crypto key by using the command "crypto key generate rsa modulus 1024".

I did write memory but the problem still persists.

Any difference between the "write" command and the "write memory" command? Usually, I just type "wr" to save the config.

Jennifer Halim (Cisco Employee) Wed, 09/29/2010 - 22:37

"wr" and "wr mem" are the same command.

Do you perform "wr" on the Active firewall, or on both the Active and Standby firewalls?

edmand.hon Wed, 09/29/2010 - 22:39

Hi, my Active firewall is faulty and it will take some time for me to source a new PIX unless I migrate it to ASA5500. Currently, my FO PIX is running as standalone.

Jennifer Halim (Cisco Employee) Thu, 09/30/2010 - 00:51

FYI - PIX515E is also already EOL, so it depends on whether you already have a smartnet contract for the faulty device or not. If you don't have smartnet for the faulty device, you can't get a replacement for the PIX515E anymore. If you have an existing smartnet contract, then you can get the faulty PIX RMA.


Here is the EOL notification for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notice0900aecd8073fa36.html


You might want to consider migrating to ASA firewall anyway.
