From: Jack.W.Parks@xxxxxxxxxx
Date: Wed Jun 12 2002 - 10:16:09 GMT-3
You won't be able to do 3DES IP-Sec tunnels. Try using DES encryption, or
upgrade the software (for which I'm pretty sure Cisco will verify your
maintenance contract).

>VPN-DES: Enabled
>VPN-3DES: Disabled

Other than that, I'm out of ideas. Cross platform IPSEC tunnels are a
pain. Not one of my strong suits. :-)

Jack W. Parks IV
Sr. Network Engineer
Data/IP Engineering
ALLTEL Communications
jack.w.parks@alltel.com
Work: 501-905-5961
Cell: 501-680-3341
-----Original Message-----
From: David [mailto:david_knot@yahoo.com]
Sent: Wednesday, June 12, 2002 7:45 AM
To: Parks, Jack W; Ian.C.Stong@mail.sprint.com
Cc: ccielab@groupstudy.com
Subject: RE: Failover PIX
HERE IS THE SHOW VER:
pix515b# sh ver
Cisco PIX Firewall Version 6.1(2)
Compiled on Mon 31-Dec-01 08:44 by morlee
pix515b up 3 hours 20 mins
Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0003.6bf6.87c5, irq 11
1: ethernet1: address is 0003.6bf6.87c6, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 3
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
ISAKMP peers: Unlimited
--- Jack.W.Parks@alltel.com wrote:
> Could you be lacking the licensing to do so? From my PIX 515 firewall
>
> PIX#sh ver
> <snip>
>
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES: Enabled
> Maximum Interfaces: 6
> Cut-through Proxy: Enabled
> Guards: Enabled
> Websense: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> ISAKMP peers: Unlimited
>
> Jack W. Parks IV
> Sr. Network Engineer
> Data/IP Engineering
> ALLTEL Communications
> jack.w.parks@alltel.com
> Work: 501-905-5961
> Cell: 501-680-3341
>
>
>
> -----Original Message-----
> From: David [mailto:david_knot@yahoo.com]
> Sent: Wednesday, June 12, 2002 6:58 AM
> To: Ian.C.Stong@mail.sprint.com;
> ccielab@groupstudy.com
> Subject: RE: Failover PIX
>
>
> Ian
>
> it boots fine, it seems to do general packet passing
> but can't seem to do IP Sec tunnels to a VPN 3005.
> Exact same config on another Restricted by primary
> PIX 515 works fine.
>
>
> --- Ian.C.Stong@mail.sprint.com wrote:
> > If it's licensed as a standby only - then it will not boot fully without
> > a failover cable and connection to a PIX licensed as a primary.
> >
> > I had two brand new PIX's the other day and they were misshipped with
> > both having only standby licenses. I hooked them up with a failover cable
> > and they wouldn't boot past the licensing error message.
> >
> >
> > Ian Stong
> >
> > -----Original Message-----
> > From: david.knot [mailto:david_knot@yahoo.com]
> > Sent: Wednesday, June 12, 2002 6:18 AM
> > To: ccielab
> > Subject: OT: Failover PIX
> >
> >
> > In my lab, I've got a PIX 515 Failover model.
> >
> > Can this work on its own (i.e. without the main non-Failover PIX
> > 515)? Or does it only become operational when non-failover dies?
> >
> > so far I can't get it to work.
> >
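
An added example, not part of the original thread: a small Python parser for the "Licensed Features" block of `show version`, run over abridged copies of the two outputs quoted above, to show which licensed features differ between the units and which ones a 3DES tunnel configuration would be missing. The function names, and the rule that the block ends at the first line that is not "name: value", are assumptions of this example.

```python
import re

# Abridged copies of the two "Licensed Features" blocks quoted in the thread
# (failover unit first); the ">" mail quoting on the second is kept on purpose.
FAILOVER_UNIT = """\
pix515b# sh ver
Cisco PIX Firewall Version 6.1(2)
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 3
ISAKMP peers: Unlimited
"""
WORKING_UNIT = """\
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES: Enabled
> Maximum Interfaces: 6
> ISAKMP peers: Unlimited
>
> Jack W. Parks IV
"""

FEATURE_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9 -]*?):\s*(\S.*)$")

def parse_licensed_features(show_ver):
    """Return {feature: value} from the 'Licensed Features:' block."""
    features, in_block = {}, False
    for raw in show_ver.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate mail quoting
        if line.lower().startswith("licensed features"):
            in_block = True
        elif in_block:
            m = FEATURE_LINE.match(line)
            if not m:                        # assumption: block ends at first
                break                        # line that is not "name: value"
            features[m.group(1)] = m.group(2).strip()
    return features

def license_diff(a, b):
    """Features whose values differ between two units: {name: (a, b)}."""
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def missing_licenses(features, required):
    """Feature names from `required` that are not 'Enabled' on this unit."""
    return [f for f in required if features.get(f) != "Enabled"]
```

Running `license_diff` on the two parsed blocks before copying a VPN configuration from one unit to another shows up front whether the target unit is licensed for the transforms that configuration uses.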