Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
0
Helpful
2
Replies

Failover and 3DES

Go to solution
dmox
Level 1
Level 1

‎05-19-2004 05:22 AM - edited ‎03-09-2019 07:26 AM

I have a pair of PIX'es in a Failover config both running fine. However, by default the 3DES is disabled and is a free feature upgrade to the PIX. I've been able to activate 3DES on the Active unit but not the standby unit (I actually haven't received the email back from Cisco and it's been 6 days now).

My question is, will the Failover unit still work with 3DES encryption even though 3DES isn't active? Did the license applied to the Primary Active unit pass through to the Standby unit?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
scoclayton
Level 7
Level 7

‎05-19-2004 06:53 AM

Yes, the failover unit will still work even though it does not have a 3DES license yet. If a failover were to occur and you actually had some features using 3DES, these items would fail to function properly on the stand-by unit until the license was upgraded. For instance, if you have VPN connections set to terminate on your PIX with 3DES encryption. Should a failover occur to your stand-by PIX, these VPN clients would be unable to negotiate 3DES encryption with the stand-by PIX due to the lack of a 3DES license. My guess though is that you have not added any 3DES features to your primary PIX yet so you are probably OK.

I would suggest dropping an e-mail to licensing@cisco.com with the S/N from your stand-by PIX and explaining the situation to them. They should be able to help you out. Good luck.

Scott

View solution in original post

0 Helpful
2 Replies 2

Go to solution
scoclayton
Level 7
Level 7

‎05-19-2004 06:53 AM

Yes, the failover unit will still work even though it does not have a 3DES license yet. If a failover were to occur and you actually had some features using 3DES, these items would fail to function properly on the stand-by unit until the license was upgraded. For instance, if you have VPN connections set to terminate on your PIX with 3DES encryption. Should a failover occur to your stand-by PIX, these VPN clients would be unable to negotiate 3DES encryption with the stand-by PIX due to the lack of a 3DES license. My guess though is that you have not added any 3DES features to your primary PIX yet so you are probably OK.

I would suggest dropping an e-mail to licensing@cisco.com with the S/N from your stand-by PIX and explaining the situation to them. They should be able to help you out. Good luck.

Scott

0 Helpful

Go to solution
dmox
Level 1
Level 1
In response to scoclayton

‎05-19-2004 08:41 AM

Thanks! This answered my question and I'm in the process of getting the License Key sorted out. Thanks for the help!

0 Helpful
Customers Also Viewed These Support Documents