Existing PIX devices not using VAC+ card

philliplyle · ‎03-07-2005

Our existing restricted license PIX devices do not seem to be utilizing the VAC+ cards that we recently installed in 3 PIX 515s. From what I've read, it should just work. Here is output from two of the devices:

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

ILPIX515 up 98 days 3 hours

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : Crypto5823 (revision 0x1)

0: ethernet0: address is 0015.438a.edaf, irq 10

1: ethernet1: address is 0016.438a.edb0, irq 11

2: ethernet2: address is 000e.0c71.233b, irq 5

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Physical Interfaces: 3

Maximum Interfaces: 5

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license.

--

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 19-Mar-03 11:49 by morlee

eLibPIX up 123 days 3 hours

Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

Encryption hardware device : Crypto5823 (revision 0x1)

0: ethernet0: address is 0051.54ff.335c, irq 10

1: ethernet1: address is 0051.54ff.335d, irq 7

2: ethernet2: address is 0092.2743.2fd6, irq 11

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

---

Any ideas? Thanks for all of your help,

Phil

gfullage · ‎03-07-2005

What makes you think they're not being used? The "sho ver" output above includes this line:

Encryption hardware device : Crypto5823 (revision 0x1)

which indicates the PIX can see the VAC+ card, and therefore will be using it.

By the way, you can apply for a 3DES license for your PIX's now, they're free.

https://www.cisco.com//cgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=1283

philliplyle · ‎03-07-2005

Thanks for the link, was gonna go searching for that tomorrow.

I don't think its being used because on a newly purchased 515E unrestricted it shows (VAC+) in parenthesis; and all examples of what to look for say that it should show VAC+ specifically, not just Crypto5823.

Are you saying that Crypto5823 by itself means VAC+?

Thanks for your help.

-Phil

gfullage · ‎03-08-2005

Yep, definately. My box in the lab shows the following:

sv2-11(config)# sho ver

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Fri 02-Jul-04 00:07 by morlee

sv2-11 up 5 days 1 hour

Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

Encryption hardware device : Crypto5823 (revision 0x1)

0: ethernet0: address is 0050.54fe.ea5e, irq 11

1: ethernet1: address is 0050.54fe.ea5f, irq 10

2: ethernet2: address is 00e0.b605.6cf7, irq 9

3: ethernet3: address is 00e0.b605.6cf6, irq 9

4: ethernet4: address is 00e0.b605.6cf5, irq 9

5: ethernet5: address is 00e0.b605.6cf4, irq 9

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 6

Maximum Interfaces: 10

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: xxxxxxxx (0xyyyyyyy)

Running Activation Key: 0xaaaaaaa 0x445340f4 0x9e65fbfe 0xb6c5fc9e

Configuration last modified by enable_15 at 14:06:24.349 UTC Fri Mar 4 2005

sv2-11(config)#

FYI, a VAC (not a VAC+) will show up as:

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5

philliplyle · ‎03-09-2005

Yer awesome =)