3DES License - Insufficient Memory for UR/FO/FO-AA License(s)

Andrew Kirkby · ‎11-22-2010

Hi,

I have applied a license upgrade in order to enable the 3DES VPN feature on a PIX firewall, however, when I do a show ver I now see the following message -

*************************************************************************
**                                                                     **
** **** WARNING *** WARNING *** WARNING *** WARNING *** WARNING **** **
**                                                                     **
** !!! ---> Insufficient Memory for UR/FO/FO-AA License(s) <--- !!! **
**                                                                     **
** Minimum 128 Mb needed for UR/FO/FO-AA License(s) on this platform! **
**                                                                     **
*************************************************************************

Is this just a warning that I cannot use the FO/FO-AA features (that I don't need anyway) or does it mean that the box will not run at all?

The complete output of the two units (UR & FO) are posted below. All I am trying to do is run them in a A/S configuration to terminate a number of VPN connections (3DES).

Andy

Failover Unit

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

mtm-hg-vpn-pix-01 up 3 hours 27 mins
failover cluster up 3 hours 27 mins

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0           : address is 0011.218d.2b2e, irq 10
1: Ext: Ethernet1           : address is 0011.218d.2b2f, irq 11
2: Ext: Ethernet2           : address is 0005.5d18.9918, irq 11
3: Ext: Ethernet3           : address is 0005.5d18.9919, irq 10
4: Ext: Ethernet4           : address is 0005.5d18.991a, irq 9
5: Ext: Ethernet5           : address is 0005.5d18.991b, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs                : 25
Inside Hosts                 : Unlimited
Failover                     : Active/Standby
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Cut-through Proxy            : Enabled
Guards                       : Enabled
URL Filtering                : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : Unlimited

This platform has a Failover Only-Active/Standby (FO) license.

Serial Number: 80NNAAXX6
Running Activation Key: 0xaaaaaaaa 0xbbbbbbbb 0xcccccccc 0xdddddddd 0xeeeeeeee
Configuration last modified by enable_15 at 15:17:39.007 UTC Mon Nov 22 2010

*************************************************************************
**                                                                     **
** **** WARNING *** WARNING *** WARNING *** WARNING *** WARNING **** **
**                                                                     **
** !!! ---> Insufficient Memory for UR/FO/FO-AA License(s) <--- !!! **
**                                                                     **
** Minimum 128 Mb needed for UR/FO/FO-AA License(s) on this platform! **
**                                                                     **
*************************************************************************

Active Unit

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

mtm-hg-vpn-pix-01 up 5 mins 20 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0           : address is 0011.218d.2b79, irq 10
1: Ext: Ethernet1           : address is 0011.218d.2b7a, irq 11
2: Ext: Ethernet2           : address is 0005.5d19.0a20, irq 11
3: Ext: Ethernet3           : address is 0005.5d19.0a21, irq 10
4: Ext: Ethernet4           : address is 0005.5d19.0a22, irq 9
5: Ext: Ethernet5           : address is 0005.5d19.0a23, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs                : 25
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Cut-through Proxy            : Enabled
Guards                       : Enabled
URL Filtering                : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: 80NNAAXX6
Running Activation Key: 0xaaaaaaaa 0xbbbbbbbb 0xcccccccc 0xdddddddd 0xeeeeeeee

Configuration has not been modified since last system restart.

*************************************************************************
**                                                                     **
** **** WARNING *** WARNING *** WARNING *** WARNING *** WARNING **** **
**                                                                     **
** !!! ---> Insufficient Memory for UR/FO/FO-AA License(s) <--- !!! **
**                                                                     **
** Minimum 128 Mb needed for UR/FO/FO-AA License(s) on this platform! **
**                                                                     **
*************************************************************************

Panos Kampanakis · ‎11-22-2010

The box will run, but if you face issues due to memory it will not be supported.

So it is a warning that is is not supported memory, but it doesn't mean that the PIX will not pass traffic for example.

You might face issues if you are low memory though.

I hope it helps.

PK