PIX License Types

• UR: Allows installation and use of the maximum number of interfaces and RAM supported by the platform.

• Restricted: Limits the number of interfaces supported and the amount of RAM available within the system (no contexts and no failover).

• Active/standby failover: Places one security appliance in a failover mode for use alongside a security appliance that has a UR license. Only one unit can be actively processing user traffic; the other unit acts as a hot standby.

• Active/active failover: Places a security appliance that has a UR license in a failover mode for use alongside another security appliance that has a UR license, or two UR licenses. Both units can actively process traffic while serving as a backup for each other.

Applies to PIX Firewall 515/515E, 525, and 535

© 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—2-37

Current security appliance licensing is a feature-based license key system. The security appliance license determines the level of service the security appliance provides, its functions in a network, and the maximum number of interfaces and memory it can support.

For the PIX 500 Series Security Appliances, the following licensing is available:

■ PIX 501 Security Appliance: A 10-user, 50-user, or UR license is provided via PIX Security Appliance Software v6.3. Each license except the UR license allows a specified maximum number of concurrent source IP addresses from your internal network to traverse the firewall. For instance, the 50-user license allows up to 50 concurrent source IP addresses from your internal network to traverse the firewall. If a PIX 501 Security Appliance requires more concurrent users to traverse the security appliance, the following upgrades of user licenses are available: 10-user to 50-user license, 10-user to UR license, and 50-user to UR license.

■ PIX 506E Security Appliance: A single UR license is provided.

■ PIX 515E, 525, and 535 Security Appliances: Available with the following basic license types:

— UR license: PIX Security Appliance platforms in a UR license mode allow installation and use of the maximum number of interfaces and RAM supported by the platform. The UR license supports failover.

— Restricted license: PIX Security Appliance platforms in a restricted license mode limit the number of interfaces supported and the amount of RAM available within the system. A restricted licensed firewall does not support contexts or failover configurations.

— Active/standby failover: Places the PIX Security Appliance in a failover mode for use alongside a PIX Security Appliance that has a UR license. Only one unit can be actively processing user traffic; the other unit acts as a hot standby.

— Active/active failover: Places a PIX Security Appliance that has a UR license in a failover mode for use alongside another PIX Security Appliance that has a UR license. Both units can actively process firewall traffic while serving as a backup for each other. Active/active failover is supported using security contexts.

Cisco supplies an activation key with a license. The activation key is based on the type of license and the serial number of the security appliance. To enable the license features, enter the activation key into the security appliance configuration. Unlike Cisco PIX Security Appliance Software v6.3, which always requires a valid license key to run, Cisco PIX and ASA Security Appliance Software v7.0 can run without a license key, but it then runs with the default settings. When upgrading from PIX Security Appliance v6.3 to PIX and ASA v7.0, the existing license key for release 6.3 is saved in a central location on the Flash file system. When downgrading from PIX and ASA v7.0 to PIX Security Appliance v6.2 or v6.3, the license key that was saved during the upgrade procedure is retrieved and saved to the PIX Security Appliance v6.2 or v6.3 image.

Note: An activation key is tied to a specific security appliance using the security appliance's serial number.

VPN Encryption License

• DES license

- Provides 56-bit DES

• 3DES/AES license

- Provides 168-bit 3DES

- Provides up to 256-bit AES


Besides upgrading the security appliance license, you may wish to add data encryption services or increase the level of data encryption that your PIX Security Appliance can provide. You can complete an online form at Cisco.com to obtain a free 56-bit DES key. A separate form is required in order to install or upgrade to 168-bit 3DES encryption. For failover configurations, the UR and FO licenses each require their own unique corresponding DES or 3DES/AES license for failover functionality.

Adding cryptographic services and upgrading your security appliance license both require obtaining and installing an activation key. Log on to Cisco.com for current information on obtaining activation keys.
