cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
655
Views
0
Helpful
8
Replies

FWSM Invalid Activation-Key

talha_490
Level 1
Level 1

I have to configure Intra-switch FWSM Failover. i configured it but it didnot work. I found that the Activation keys are not valid in show version command. I am sending the configuration i did along with the show version. Is Invalid activation key is the cause of the problem that failover is not working fine

1 Accepted Solution

Accepted Solutions

Nope.

These lines should get replicated by just enabling failover lan interface on secondary.

Syed Iftekhar Ahmed

View solution in original post

8 Replies 8

cisco24x7
Level 6
Level 6

You need to open a TAC case with Cisco to get

the right Activation key so that it will work

with Failover.

I ran into this issue 2.5 years ago. Even

Cisco TAC was confused by it at first. Things

may be changing now but at the time, to my

knowledge, very few Cisco TAC engineers know

about this limitation.

This message is very normal. It simply means that no activation keys were entered in FWSM.

If you are using FWSM with standard features (Not using multicontext license needed for more than 2 contexts, or license for GTP inspection) then you will always get this message.

Your secondary FWSM config is not correct.

On secondary yo have to use same ip addresses as you used on primary FWSM failover commands

failover lan interface failover-interface vlan 61

failover interface ip failover-interface 192.168.1.1 255.255.255.0 standby 192.168.1.2

failover lan unit secondary

failover

For failover you just need to make sure that you are running same code and same type of licenses (if you are using additional features) on both FWSM.

Syed

Dear iftikhar,

Thanks for marking the mistake. One more question i would like to ask is that do i need to type the following commands also on the secondary FWSM.

failover link stateful-failover-link vlan 62

failover interface ip stateful-failover-link 192.168.2.1 255.255.255.0 standby 192.168.2.2

Nope.

These lines should get replicated by just enabling failover lan interface on secondary.

Syed Iftekhar Ahmed

it was working fine with the commands you told but another problem came was the wireless users were not getting the ip addresses from the dhcp server while wired users were getting it and they are both in the same vlan. wireless userss were not able to ping the default gateway.

what could be the reason

How is your DHCP configured? Are you using 'Super Scopes'?

Make sure you have the latest drivers for your Wireless Cards. This usually happens when the DHCP server is giving the IP /GW from the wrong VLAN.

Regards

Farrukh

The DHCP server is configured on Windows 2003 server machine and it is located at the outside vlan of the FWSM. the configuration for DHCP is following

dhcprelay server 10.70.97.10 outside

dhcprelay enable Basement_Ground_VLAN

dhcprelay enable Second_Third

dhcprelay enable Fourth_Fifth

dhcprelay enable Sixth_Seventh

dhcprelay enable Eight_Ninth_VLAN

dhcprelay enable DATA-SERVICES

dhcprelay enable Routed_Data_Services_VLAN

dhcprelay enable First_Floor

dhcprelay timeout 60

Wireless users are working with Single FWSM and are getting ip address and as soon as i configured failover they are not getting the ip address however there are wired users who are getting it.

One thing i would also mention that i didnot reload FWSM after configuring it. Should i do a reload.

One more thing that after a long time few users got the ip address but when they renew they were not getting it.

i had cleared arp but even though the problem was same.

should've bought a checkpoint.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: