Upgrading PIX 515 from 5.1 to 7.x
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||
|
Posted by VeeDub on September 3, 2006, 1:26 am
Please log in for more thread options well as for RAM, I can see this can be purchased quite inexpensively on eBay so if I needed to upgrade to 128MB I could probably afford this. I have read however that PIX OS and activation keys are tied to the actual serial number of the device. Do you know if this is true? If so, it seems I would need to contact Cisco for both an OS and an activation key if I wanted to upgrade to a 3DES operation. Alternatively I suppose I could get a software contract on it but I presume this would not allow me to simply upgrade to 3DES, this activation key would be extra I presume, but am I right in thinking this would allow me to receive and install 7.x atleast, presuming that the OS is tied to the serial on the device? Thanks again john smith wrote: > >
> >>Cisco Secure PIX Firewall Version 5.1(2)
> >>Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz > >
> > That's good news in one way, the 64 MB is the mimimum you need for > > PIX 7. However, > > > >>Maximum Interfaces: 6
> >
> > That tells me that the PIX 515 currently has an Unrestricted license. > > If you were to install PIX 7 on it, then you would need 128 MB > > to fit the Unrestricted license, according to Cisco. It's the > > same image as Restricted though, so it'd be a matter of data tables, > > so if the PIX wasn't very active then you -might- be able to > > get away with 64 MB, depending on how strictly the PIX OS checks. > > > > > >>From this I can see it is running 5.1 (2) so from this information you
> >>believe it is technically possible to upload a 7.x image to it and use > >>it without a new activation key? > >
> > Yes. > > > >>Also, it only has DES available, not
> >>3DES or AES (which I presume was not around at the time of 5.1) so if I > >
> > AES did not come in until 6.something, but 3DES existed back then. > > The same key is used for 3DES and AES; I -think- I saw in passing > > that that key is also required for the SSL and HTTPS features. > > > >>wanted to use this I would need a new key. Would this be a key that
> >>would be inserted whilst running 5.1 or once 7.x is installed. > >
> > Either way. It's easier from 6.1 onward: before that point, changing > > the key requires copying in the OS again, with the key being > > prompted for as the very last stage of that. 6.1 onward has a simple > > command to enter a new key. > > > > One minor point: when you upgrade to PIX 7, it saves a copy of the > > existing activation key, and if you ever downgrade then it restores > > that activation key. So if you install the 3DES key first before > > the upgrade then if you were to downgrade you would still have 3DES, > > but if you were to install the 3DES key after the upgrade then > > if you were to downgrade it'd go back to the old key. On the > > other had at that point you could just enter the 3DES key since it'd > > be the same activation key. > > > > > >>I have also read the device needs to be updated to 6.2 or 6.3 before
> >>upgrading to 7.x. Are you familiar with this requirement? > >
> > That is what is documented. We did have one report from someone > > who went from a much older version upward, apparently skipping 6.x > > in the process. The glitches reported were to do with the memory > > size, I think it was. >
> > i've installed/operated a 515e w/ 64MBram and UR license running 7.x > software. it's not officially supported by Cisco, but if you're just > looking for lab use, it will do fine. (in this configuration iv'e not > used failover though so i dont know if the memory limitations play a role > then) | |||||||||||||||||||
|
Posted by Walter Roberson on September 3, 2006, 2:16 am
Please log in for more thread options >I have read however that PIX OS and activation keys are tied to the
>actual serial number of the device. Do you know if this is true? Definitely not for 6.x. I'm not sure for 7.x, but I doubt it. But it might plausibly be the case for the Cisco ASA series. >If so,
>it seems I would need to contact Cisco for both an OS and an activation >key if I wanted to upgrade to a 3DES operation. Alternatively I suppose >I could get a software contract on it but I presume this would not >allow me to simply upgrade to 3DES, this activation key would be extra >I presume, but am I right in thinking this would allow me to receive >and install 7.x atleast, presuming that the OS is tied to the serial on >the device? These days, if you are in one of the countries allowed to receive 3DES and you are not on the banned persons list, then you are entitled to a free 3DES activation key. The catch is that you have to go through a registration form, and they are going to check your registration information against the previous owner's registration information. You do not need a new activation key to go from 5.1(2)UR to 7.x: you just won't be able to use some of the features. And for your study purposes those might turn out to be key features. | |||||||||||||||||||
|
Posted by VeeDub on September 3, 2006, 2:32 am
Please log in for more thread options Thanks Walter
your advice has been invaluable. Walter Roberson wrote: > >I have read however that PIX OS and activation keys are tied to the
> >actual serial number of the device. Do you know if this is true? >
> Definitely not for 6.x. I'm not sure for 7.x, but I doubt it. > But it might plausibly be the case for the Cisco ASA series. > > >If so,
> >it seems I would need to contact Cisco for both an OS and an activation > >key if I wanted to upgrade to a 3DES operation. Alternatively I suppose > >I could get a software contract on it but I presume this would not > >allow me to simply upgrade to 3DES, this activation key would be extra > >I presume, but am I right in thinking this would allow me to receive > >and install 7.x atleast, presuming that the OS is tied to the serial on > >the device? >
> These days, if you are in one of the countries allowed to receive > 3DES and you are not on the banned persons list, then you are > entitled to a free 3DES activation key. The catch is that you > have to go through a registration form, and they are going to > check your registration information against the previous owner's > registration information. > > You do not need a new activation key to go from 5.1(2)UR to 7.x: > you just won't be able to use some of the features. And for > your study purposes those might turn out to be key features. | |||||||||||||||||||
|
Posted by john smith on September 3, 2006, 6:36 pm
Please log in for more thread options On Sat, 02 Sep 2006 23:32:17 -0700, VeeDub wrote:
> Thanks Walter
> > your advice has been invaluable. > > > > Walter Roberson wrote: >> >I have read however that PIX OS and activation keys are tied to the
>> >actual serial number of the device. Do you know if this is true? >>
>> Definitely not for 6.x. I'm not sure for 7.x, but I doubt it. >> But it might plausibly be the case for the Cisco ASA series. >> >> >If so,
>> >it seems I would need to contact Cisco for both an OS and an activation >> >key if I wanted to upgrade to a 3DES operation. Alternatively I suppose >> >I could get a software contract on it but I presume this would not >> >allow me to simply upgrade to 3DES, this activation key would be extra >> >I presume, but am I right in thinking this would allow me to receive >> >and install 7.x atleast, presuming that the OS is tied to the serial on >> >the device? >>
>> These days, if you are in one of the countries allowed to receive >> 3DES and you are not on the banned persons list, then you are >> entitled to a free 3DES activation key. The catch is that you >> have to go through a registration form, and they are going to >> check your registration information against the previous owner's >> registration information. >> >> You do not need a new activation key to go from 5.1(2)UR to 7.x: >> you just won't be able to use some of the features. And for >> your study purposes those might turn out to be key features. i can say from experience the activation is tied to the S/N. even in 6.3. i had to open a TAC case on this 2 weeks ago be/c one of my pixes lost its activation key during a downgrade from 7.2(1) to 6.3(5). i couldn't just take an activation key from one of my many other (same model) pixes. when i called TAC, they had to have my S/N, and he specifically said it was tied to the activation key. | |||||||||||||||||||
|
Posted by VeeDub on September 5, 2006, 8:52 pm
Please log in for more thread options Thanks John
seems I need to make sure then that whatever one I get it should already be enabled for the functionality I require. john smith wrote: > On Sat, 02 Sep 2006 23:32:17 -0700, VeeDub wrote:
> > > Thanks Walter
> > > > your advice has been invaluable. > > > > > > > > Walter Roberson wrote: > >> >I have read however that PIX OS and activation keys are tied to the
> >> >actual serial number of the device. Do you know if this is true? > >> > >> Definitely not for 6.x. I'm not sure for 7.x, but I doubt it. > >> But it might plausibly be the case for the Cisco ASA series. > >> > >> >If so, > >> >it seems I would need to contact Cisco for both an OS and an activation > >> >key if I wanted to upgrade to a 3DES operation. Alternatively I suppose > >> >I could get a software contract on it but I presume this would not > >> >allow me to simply upgrade to 3DES, this activation key would be extra > >> >I presume, but am I right in thinking this would allow me to receive > >> >and install 7.x atleast, presuming that the OS is tied to the serial on > >> >the device? > >> > >> These days, if you are in one of the countries allowed to receive > >> 3DES and you are not on the banned persons list, then you are > >> entitled to a free 3DES activation key. The catch is that you > >> have to go through a registration form, and they are going to > >> check your registration information against the previous owner's > >> registration information. > >> > >> You do not need a new activation key to go from 5.1(2)UR to 7.x: > >> you just won't be able to use some of the features. And for > >> your study purposes those might turn out to be key features. >
> i can say from experience the activation is tied to the S/N. even in 6.3. > i had to open a TAC case on this 2 weeks ago be/c one of my pixes lost its > activation key during a downgrade from 7.2(1) to 6.3(5). i couldn't just > take an activation key from one of my many other (same model) pixes. when > i called TAC, they had to have my S/N, and he specifically said it was > tied to the activation key. | |||||||||||||||||||
| Similar Threads | Posted |
| upgrading the ios. | February 13, 2005, 6:32 pm |
| PIX 7.0.2 upgrading from 7.0.1. | July 29, 2005, 5:09 pm |
| Upgrading PIX 515 from 5.1 to 7.x | September 2, 2006, 1:05 am |
| Does the PIX 515 have to be rebooted after upgrading from PDM 3.0(1) to 3.0(3)? | August 10, 2005, 1:58 pm |
| UPGRADING 3550 SMI to EMI | August 12, 2005, 4:39 am |
| Upgrading IOS on 2500 | April 24, 2006, 6:54 pm |
| thoughts on upgrading to PIX v7.xx | November 21, 2005, 10:40 am |
| Upgrading PIX 515E FO | December 19, 2006, 2:46 pm |
| Upgrading 2500 IOS | January 7, 2007, 6:54 am |
| Upgrading IOS on 1841 | January 27, 2007, 3:25 pm |
| Upgrading FW on 2921 | October 15, 2007, 11:01 am |
| Upgrading IOS on uBRs | November 13, 2007, 1:04 pm |
| IOS Upgrading "Policy" | November 20, 2007, 9:33 pm |
| vpdn problem after upgrading to 12.3(14) | July 12, 2005, 7:53 pm |
| questions about upgrading old 2611 to 12.3 | July 17, 2005, 7:11 pm |
>