Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX515E with FO license: Crypto key gone once pix rebooted

Hi.. i'm facing a problem with my PIX515E with FO license. Each time my firewall reboot, my crypto key for ssh is gone hence i'm unable to use ssh as my remote access method. Is it part of PIX515E FO license limitation? appreciate that someone can give me an answer. thanks.

5 REPLIES
Super Bronze

Re: PIX515E with FO license: Crypto key gone once pix rebooted

What version is your PIX firewall?

If it's version 6.3 and earlier: "ca save all" on the failover PIX, as that will save the key.

If it's version 7.0 and later: "wr mem" on the failover PIX, as that will save the key.

Hope that helps.

New Member

Re: PIX515E with FO license: Crypto key gone once pix rebooted

It is PIX version 8.0(4)

generate crypto key by using command "crypto key generate rsa modulus 1024".

I did write memory but the problem still persist.

any different between"write" command and "write memory" command? usually, i just type "wr" to save the config.

Super Bronze

Re: PIX515E with FO license: Crypto key gone once pix rebooted

"wr" and "wr mem" is the same command.

Do you perform "wr" on the Active firewall, or on both Active and Standby firewall?

New Member

Re: PIX515E with FO license: Crypto key gone once pix rebooted

Hi... my Active firewall is faulty and will take some time for me to source for a new PIX unless i migrate it to ASA5500.. currently, my FO PIX is running as standalone..

Super Bronze

Re: PIX515E with FO license: Crypto key gone once pix rebooted

FYI - PIX515E is also already EOL, so depending on whether you have smartnet contract already for the faulty device or not. If you don't have smartnet for the faulty device, you can't get replacement for the PIX515E anymore. If you have existing smartnet contract, then you can get the faulty PIX RMA.

Here is the EOL notification for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notice0900aecd8073fa36.html

You might want to consider migrating to ASA firewall anyway.

440
Views
0
Helpful
5
Replies