Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515e 6.3 to 7.0 Failover disable

hi,

i was running a failover set of pix515e version 6.3(4). I upgraded my device to 7.1 and now i failover is disabled. I get the asdm syslog messages:

(Primary) Disabling failover

(Primary) Mate license (VPN-3DES-AES Enabled) is not compatible with my license(VPN-3DES-AES Disabled)

pls comments

5 REPLIES
New Member

Re: PIX 515e 6.3 to 7.0 Failover disable

Check the software on both devices "show ver" and ensure that the encryption level is the same on both. I would suspect the primary device hasn't been upgraded.

If it is upgrade ASDM on both, I have had issues where the compatability checks gave incorect errors.

New Member

Re: PIX 515e 6.3 to 7.0 Failover disable

hi Mark,

i've turned off failover box still getting the error. pls find attached file of show version and show run.

regs,

New Member

Re: PIX 515e 6.3 to 7.0 Failover disable

Adil,

from your "sh ver" I see

VPN-3DES-AES : Disabled

I would strongly suspect it is Enabled on the other device.

You will need a CCO ID, but you can register for a free upgrade, assuming you are in a country where shuch encryption is legal.

This link might work

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

If not

www.cisco.com->login

Software Downloads->Cisco Secure Software

PIX Security Appliance Software

*FREE* Reguister for PIX DES or 3DES/AES IPsec software feature keys

You don't have a PAK so "click here for available licenses"

Under Security Products select the licence you want, and then fill in all the paperwork.

You will need to enter the new license and then reboot, which will cause an interupt to service as you have turned off the secondary device. Once the reboot has completed turn the secondary back on and all should be well.

New Member

Re: PIX 515e 6.3 to 7.0 Failover disable

Hi,

you are right, but can you tell me how can i disable 3des encryption on the other device so that i've same settings on both device. i want to do like this becasue my device has 64 mb of ram and 3des requires 128mb ram.

thanks

New Member

Re: PIX 515e 6.3 to 7.0 Failover disable

Never done it, but you should be able to request a DES license for the secondary in the same way.

I don't have a device handy to check, but I am 99% sure that you can have a 3DES license on a 64 MB device, the only requirement for 128 MB is Version 7 software.

*please rate previous posts if they are/were helpfull*

242
Views
4
Helpful
5
Replies