11-24-2010 09:40 PM
Hi Team,
How can we configure a Site-Site VPN tunnel on an older Cisco PIX 515E, Version 6.3(1)? I have experience with the latest Cisco ASA firewalls, but
it seems crypto is not supported on the Cisco PIX 515E. See the following command output when I try to configure it on the PIX:
FIREWALL(config)# isakmp enable outside
ISAKMP cannot be enabled since fixup protocol esp-ike is enabled. Please correct
What does the message "ISAKMP cannot be enabled since fixup protocol esp-ike is enabled. Please correct" mean?
Please see the show version output:
FIREWALL# sh ver
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
STPI-FIREWALL up 115 days 22 hours
Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 000d.2832.11cb, irq 10
1: ethernet1: address is 000d.2832.11cc, irq 11
2: ethernet2: address is 0002.b3b6.cff9, irq 5
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Interfaces: 3
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 807211327 (0x301d113f)
Running Activation Key: 0x55320d37 0xdc70af37 0x9734ac1f 0xf28fcb14
Configuration last modified by enable_15 at 21:56:22.117 UTC Wed Nov 24 2010
Is it because the firewall has a Restricted (R) license? Please help me with this.
Regards
Ramu
11-24-2010 09:46 PM
You can either terminate or pass through IPSec VPN on that version.
If you would like to terminate the IPSec VPN on that PIX, then you can disable the fixup if you are not passing through IPSec traffic on the PIX:
no fixup protocol esp-ike
From the show version output, it seems that you only have a DES license. You can upgrade it to a 3DES license for free if you are going to configure a 3DES or AES encryption policy.
Hope that helps.
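A site-to-site configuration for PIX 6.3 following the steps in the reply above, as an added example that is not part of the original thread or any poster's configuration. The peer address 203.0.113.2, the networks 10.1.1.0/24 and 10.2.2.0/24, the interface name inside, ACL number 110, the names S2S-SET and S2S-MAP and the key placeholder are all assumptions; lines starting with ":" are annotations.

```cisco
: Added example. Addresses, ACL number, names and key are placeholders.
: Local LAN 10.1.1.0/24 (inside), remote LAN 10.2.2.0/24, peer 203.0.113.2.

: 1. ISAKMP cannot be enabled while the esp-ike fixup is on.
:    Remove it only if no IPSec traffic passes through the PIX.
no fixup protocol esp-ike

: 2. Define the traffic to protect and exempt it from NAT.
access-list 110 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 110

: 3. Allow decrypted tunnel traffic to bypass the interface ACL checks.
:    Leave this out and permit the traffic explicitly if the remote
:    site should not have unrestricted access to the inside network.
sysopt connection permit-ipsec

: 4. IKE (phase 1) policy and pre-shared key for the peer.
:    "3des" is accepted only once the VPN-3DES-AES license is enabled;
:    with a DES-only license the box is limited to "des".
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp identity address
isakmp key <PRE-SHARED-KEY> address 203.0.113.2 netmask 255.255.255.255

: 5. IPSec (phase 2) transform set and crypto map.
crypto ipsec transform-set S2S-SET esp-3des esp-sha-hmac
crypto map S2S-MAP 10 ipsec-isakmp
crypto map S2S-MAP 10 match address 110
crypto map S2S-MAP 10 set peer 203.0.113.2
crypto map S2S-MAP 10 set transform-set S2S-SET
crypto map S2S-MAP interface outside

: 6. Enable IKE on the outside interface (this is the command that
:    fails while the fixup from step 1 is still configured).
isakmp enable outside
```

After the peer is configured with matching settings, `show isakmp sa` and `show crypto ipsec sa` show whether phase 1 and phase 2 have come up.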
11-24-2010 10:00 PM
Hi,
Thanks for your Quick Reply.
I am configuring a Site-Site VPN tunnel on this PIX-515E. How can I upgrade the license for free?
My query is: how can I determine for myself whether the license upgrade is free or needs to be purchased, as you said?
The IPSec data traffic is in both directions, meaning we will send/receive data over the VPN. Please guide us now.
Regards
Ramu
11-24-2010 10:05 PM
Here is the URL to obtain the 3DES license:
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
and click on the "Cisco PIX Security Appliance 3DES/AES License" to obtain the 3DES license.
11-24-2010 10:08 PM
Hi,
Thanks again for quick response.
But it is asking for a CCO username and password. What would the details be? Is the default cisco/cisco?
Regards
Ramu
11-24-2010 10:20 PM
You would need to have a valid CCO ID that links to the Smartnet contract for your PIX515E.
11-24-2010 11:03 PM
Thanks.
Until I make it no fixup protocol esp-ike in the firewall, I can establish the IPSec VPN.
As this firewall is in production and is used for Internet access for users, will it affect the users' traffic if I configure
no fixup protocol esp-ike on the firewall?
Please suggest.
Sorry for troubling you with all these queries, as I am running short of time and I am unable to get good documentation.
Regards
Ramu
11-24-2010 11:11 PM
Do you have any IPSec traffic passing through the PIX at the moment?
If you don't have any IPSec traffic passing through the PIX, then it is safe to disable that fixup.
11-25-2010 02:05 AM
Thanks, Jennifer.
Will do it.
Regards
Ramu
11-25-2010 02:37 PM
How does it go? Please kindly mark the post as answered if you have no further questions. Thanks.