06-10-2007 05:26 AM - edited 03-11-2019 03:27 AM
Hi
I have recently registered and received a 3DES/AES activation key for my pix 535 firewall. I had before (with the previous license) maximum of 14 interfaces available but now this has changed to 10. Shouldn?t the new license be the exact features I had before + the 3DES/AES license?. How can I check what features I had when I bought the firewall with the previous key?
Thanks
06-10-2007 12:50 PM
Hi -
I've searched other TAC cases and here's what I found.
If you register for the 3des key on:
http://www.cisco.com/go/license
and choose 6.x pix, then the Licensing tool will issue a 10 interface license.
If you register it as a 7.x pix, then the license tool will issue a 14 interface license.
What version of Pix code are you running?
thxs
peter
06-10-2007 09:27 PM
Hi Peter
I am running 7.2(1).
Here is the activation key I have (that is still enabled on my firewall).
PIX TYPE: PIX-535-UR
SERIAL #: 88808011462
and the following licenses
Licensed features for this platform:
Maximum Physical Interfaces : 14
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited .
Running Activation Key: xxx
I have requested a free 3des/aes license from Cisco?s web site and received the following activation key (i am not sure which version I chose, but I think it was 7)
PIX TYPE: PIX-535-UR
SERIAL #: 88808011462
Maximum Interfaces: 10
Failover: Enabled
VPN-DES: Enabled
VPN-Triple DES: Enabled
Failover mode only license : No
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
KEY: xxx
I registered for another key with the 7.X release yesterday and this is what I got.
PIX TYPE: PIX-535-UR
SERIAL #: 88808011462
Failover : Enabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
FO : Disabled
FO-AA : Disabled
Security Contexts : 2
GTP/GPRS : Disabled
Platform = asa-pix
Key:xxx
The above is pretty confusing, no interfaces, no failover ,GTP disabled... . !!!!!
There is differences between the features on both keys given to me via Cisco and my current key. Shouldn?t they have only aes/3des license in addition to my previous features?
One thing I must also mention is that this firewall was running 6.2(x) release previously, I had upgraded this firewall to 7.2 earlier. I did not upgrade to 7.0 then 7.2(the device is working with the first set of license given above perfectly). And also I have not applied any of the keys given to me via Cisco because of the differences between my key and the other two.
One more question, if this problem is solved, am I capable of using AES on my firewall with the new license, or is there another license that I would have to buy?
Regards
Mahdi
06-11-2007 03:47 AM
The fact that your first issues license key has only 4 elements implies that you requested a version 6 license, re-request specifying version 7.
06-11-2007 08:54 PM
This was what I thought, and that?s why i registered again and received a key with the following features=
I registered for another key with the 7.X release yesterday and this is what I got.
PIX TYPE: PIX-535-UR
SERIAL #: 88808011462
Failover : Enabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
FO : Disabled
FO-AA : Disabled
Security Contexts : 2
GTP/GPRS : Disabled
Platform = asa-pix
I am not sure on this but why isn't any interfaces specified and why is GTP, FO-AA disabled? Where are all my other features gone with this new key?
I have emailed Cisco License team and I have not received any emails from them.
Any Ideas?
Mahdi
06-11-2007 09:12 PM
Hi Mahdi -
Sorry for the problems you are experiencing.
My best suggestion is to open a TAC case as e-mailing licensing@cisco.com recently for me has returned an e-mail to open a TAC case.
Looks like the 3des tool doesn't provide all that you need, so you need someone from the licensing team to cut the key the way you need it.
Let us know how we can help further.
thxs
peter
06-12-2007 12:20 AM
Hi Peter
Unfortunately I do not have a support contract for this device and I am not able to resolve this issue with TAC.
Any Ideas?
Would the key work with AES (if it is resolved)?
regards
Mahdi
06-12-2007 04:57 AM
Yes - work with your account team from Cisco to see if they can be of further assistance.
Your AM and SE can help you with your situation.
thxs
peter
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: