Hi Peter

I am running 7.2(1).

Here is the activation key I have (that is still enabled on my firewall).

PIX TYPE: PIX-535-UR

SERIAL #: 88808011462

and the following licenses

Licensed features for this platform:

Maximum Physical Interfaces : 14

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited .

Running Activation Key: xxx

I have requested a free 3des/aes license from Cisco?s web site and received the following activation key (i am not sure which version I chose, but I think it was 7)

PIX TYPE: PIX-535-UR

SERIAL #: 88808011462

Maximum Interfaces: 10

Failover: Enabled

VPN-DES: Enabled

VPN-Triple DES: Enabled

Failover mode only license : No

Cut-through Proxy: Enabled

Guards: Enabled

Websense: Enabled

KEY: xxx

I registered for another key with the 7.X release yesterday and this is what I got.

PIX TYPE: PIX-535-UR

SERIAL #: 88808011462

Failover : Enabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

FO : Disabled

FO-AA : Disabled

Security Contexts : 2

GTP/GPRS : Disabled

Platform = asa-pix

Key:xxx

The above is pretty confusing, no interfaces, no failover ,GTP disabled... . !!!!!

There is differences between the features on both keys given to me via Cisco and my current key. Shouldn?t they have only aes/3des license in addition to my previous features?

One thing I must also mention is that this firewall was running 6.2(x) release previously, I had upgraded this firewall to 7.2 earlier. I did not upgrade to 7.0 then 7.2(the device is working with the first set of license given above perfectly). And also I have not applied any of the keys given to me via Cisco because of the differences between my key and the other two.

One more question, if this problem is solved, am I capable of using AES on my firewall with the new license, or is there another license that I would have to buy?

Regards

Mahdi

The fact that your first issues license key has only 4 elements implies that you requested a version 6 license, re-request specifying version 7.

This was what I thought, and that?s why i registered again and received a key with the following features=

I registered for another key with the 7.X release yesterday and this is what I got.

PIX TYPE: PIX-535-UR

SERIAL #: 88808011462

Failover : Enabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

FO : Disabled

FO-AA : Disabled

Security Contexts : 2

GTP/GPRS : Disabled

Platform = asa-pix

I am not sure on this but why isn't any interfaces specified and why is GTP, FO-AA disabled? Where are all my other features gone with this new key?

I have emailed Cisco License team and I have not received any emails from them.

Any Ideas?

Mahdi

Hi Mahdi -

Sorry for the problems you are experiencing.

My best suggestion is to open a TAC case as e-mailing licensing@cisco.com recently for me has returned an e-mail to open a TAC case.

Looks like the 3des tool doesn't provide all that you need, so you need someone from the licensing team to cut the key the way you need it.

Let us know how we can help further.

thxs

peter

Hi Peter

Unfortunately I do not have a support contract for this device and I am not able to resolve this issue with TAC.

Any Ideas?

Would the key work with AES (if it is resolved)?

regards

Mahdi

Yes - work with your account team from Cisco to see if they can be of further assistance.

Your AM and SE can help you with your situation.

thxs

peter