From: David (david_knot@xxxxxxxxx)
Date: Wed Jun 12 2002 - 10:20:02 GMT-3
Jack
I'm only doing single DES. As I said, the other PIX
515 is fine with same config...
--- Jack.W.Parks@alltel.com wrote:
> You won't be able to 3DES IP-Sec tunnels. Try using
> DES encryption, or
> upgrade the software (which I'm pretty sure Cisco
> will verify your
> maintenance contract).
>
> >VPN-DES: Enabled
> >VPN-3DES: Disabled
>
> Other than that, I'm out of ideas. Cross platform
> IPSEC tunnels are a
> pain. Not one of my strong suites. :-)
>
> Jack W. Parks IV
> Sr. Network Engineer
> Data/IP Engineering
> ALLTEL Communications
> jack.w.parks@alltel.com
> Work: 501-905-5961
> Cell: 501-680-3341
>
>
> -----Original Message-----
> From: David [mailto:david_knot@yahoo.com]
> Sent: Wednesday, June 12, 2002 7:45 AM
> To: Parks, Jack W; Ian.C.Stong@mail.sprint.com
> Cc: ccielab@groupstudy.com
> Subject: RE: Failover PIX
>
>
> HERE IS THE SHOW VER:
>
> pix515b# sh ver
>
> Cisco PIX Firewall Version 6.1(2)
>
> Compiled on Mon 31-Dec-01 08:44 by morlee
>
> pix515b up 3 hours 20 mins
>
> Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz
> Flash i28F640J5 @ 0x300, 16MB
> BIOS Flash AT29C257 @ 0xfffd8000, 32KB
>
> 0: ethernet0: address is 0003.6bf6.87c5, irq 11
> 1: ethernet1: address is 0003.6bf6.87c6, irq 10
>
> Licensed Features:
> Failover: Disabled
> VPN-DES: Enabled
> VPN-3DES: Disabled
> Maximum Interfaces: 3
> Cut-through Proxy: Enabled
> Guards: Enabled
> Websense: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> ISAKMP peers: Unlimited
>
>
>
>
>
> --- Jack.W.Parks@alltel.com wrote:
> > Could you be lacking the licensing to do so? From
> > my PIX 515 firewall
> >
> > PIX#sh ver
> > <snip>
> >
> > Licensed Features:
> > Failover: Enabled
> > VPN-DES: Enabled
> > VPN-3DES: Enabled
> > Maximum Interfaces: 6
> > Cut-through Proxy: Enabled
> > Guards: Enabled
> > Websense: Enabled
> > Inside Hosts: Unlimited
> > Throughput: Unlimited
> > ISAKMP peers: Unlimited
> >
> > Jack W. Parks IV
> > Sr. Network Engineer
> > Data/IP Engineering
> > ALLTEL Communications
> > jack.w.parks@alltel.com
> > Work: 501-905-5961
> > Cell: 501-680-3341
> >
> >
> >
> > -----Original Message-----
> > From: David [mailto:david_knot@yahoo.com]
> > Sent: Wednesday, June 12, 2002 6:58 AM
> > To: Ian.C.Stong@mail.sprint.com;
> > ccielab@groupstudy.com
> > Subject: RE: Failover PIX
> >
> >
> > Ian
> >
> > it boots fine, it seems to do general packet
> passing
> > but can't seem to do IP Sec tunnels to a VPN 3005.
> > Exact same config on another Restrcited by primary
> > PIX
> > 515 works fine.
> >
> >
> > --- Ian.C.Stong@mail.sprint.com wrote:
> > > If it's licensed as a standby only - then it
> will
> > > not boot fully without
> > > a failover cable and connection to a PIX
> licensed
> > as
> > > a primary.
> > >
> > > I had two brand new PIX's the other and they
> were misshipped with
> > > both having only standby licenses. I hooked
> them up
> > with
> > > a failover cable
> > > and they wouldn't boot past the licensing error
> > > message.
> > >
> > >
> > > Ian Stong
> > >
> > > -----Original Message-----
> > > From: david.knot [mailto:david_knot@yahoo.com]
> > > Sent: Wednesday, June 12, 2002 6:18 AM
> > > To: ccielab
> > > Subject: OT: Failover PIX
> > >
> > >
> > > In my lab, I've got a PIX 515 Failover model.
> > >
> > > Can this work on its own (i.e. without the main
> non-Failover PIX
> > > 515)? Or does it only become operational when
> non-failover dies?
> > >
> > > so far I can't get it to work.
> > >
> > >
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:31 GMT-3