Modérateur: modos Ixus
par antolien » 04 Oct 2005 17:42
par tomtom » 04 Oct 2005 18:03
Obtaining an Activation Key
To obtain an activation key, you will need a Product Authorization Key, which you can purchase from your Cisco account representative. After obtaining the Product Authorization Key, register it on the Web to obtain an activation key by performing the following steps:
Step 1 Connect a web browser to one of the following websites (the URLs are case-sensitive):
Use the following website if you are a registered user of Cisco Connection Online:
http://www.cisco.com/pcgi-bin/Software/ ... nerator.pl
Use the following website if you are not a registered user of Cisco Connection Online:
http://www.cisco.com/pcgi-bin/Software/ ... nerator.pl
Step 2 Obtain the serial number for your PIX Firewall by entering the following command:
show version
Step 3 Enter the following information, when prompted:
•Your Product Authorization Key
•The serial number for your PIX Firewall.
•Your email address.
The activation key will be automatically generated and sent to the email address that you provide.
Entering a New Activation Key
PIX Firewall Version 6.2 or higher provides a method of upgrading or changing the license for your PIX Firewall remotely without entering monitor mode and without replacing the software image. With this feature, you can enter a new activation key for a different PIX Firewall license from the command-line interface (CLI).
Before entering the activation key, ensure that the image in Flash memory and the running image are the same. You can do this by rebooting the PIX Firewall before entering the new activation key.
Note You must reboot the PIX Firewall after entering the new activation key for the change to take effect in the running image.
To enter an activation key, enter the following command:
activation-key activation-key-four-tuple
In this command, replace activation-key-four-tuple with the activation key you obtained with your new license.
For example:
activation-key 0x12345678 0xabcdef01 0x2345678ab 0xcdef01234
The leading "0x" hexadecimal indicator is optional. If it is omitted, the parameter is assumed to be a hexadecimal number, as in the following example.
activation-key 12345678 abcdef01 2345678ab cdef01234
After you enter the activation key, the system displays the following output when the activation key has been successfully changed:
pixfirewall(config)# activation-key 0x01234567 0x89abcdef01 0x23456789 0xabcdef01
Serial Number: 12345678 (0xbc614e)
Flash activation key: 0xyadayada 0xyadayada 0xyadayada 0xyadayada
Licensed Features:
Failover: yada
VPN-DES: yada
VPN-3DES: yada
Maximum Interfaces: yada
Cut-through Proxy: yada
Guards: yada
Websense: yada
Throughput: yada
ISAKMP peers: yada
The flash activation key has been modified.
The flash activation key is now DIFFERENT than the running key.
The flash activation key will be used when the unit is reloaded.
pixfirewall(config)#
-----
As indicated by this message, after entering the new activation key, you must reboot the PIX Firewall to enable the new license.
If you are upgrading the image to a newer version and the activation key is also being changed, reboot the system twice, as shown in the following procedure:
1. Install the new image.
2. Reboot the system.
The newer image can use the old key because all license keys are backward compatible, so the reload should not fail because of a bad activation key.
3. Update the new activation key.
4. Reboot the system.
After the key update is complete, the system is reloaded a second time, so the updated licensing scheme can take effect in a running image.
If you are downgrading an image, you only need to reboot once, after installing the new image. In this situation, the old key is both verified and changed with the current image, then the image can be updated and finally the system is reloaded.
Troubleshooting the License Upgrade
Table 11-1 lists the messages that the system displays when the activation key has not been changed:
Table 11-1 Troubleshooting the License Upgrade
System Message Displayed
Resolution
The activation key you entered is the same as the Running key.
Either the activation key has already been upgraded or you need to enter a different key.
The Flash image and the Running image differ.
Reboot the PIX Firewall and reenter the activation key.
The activation key is not valid.
Either you made a mistake entering the activation key or you need to obtain a valid activation key.
Problems may occur if an image is copied to Flash memory using the copy tftp flash:image command that is not compatible with the activation key in the Flash memory. You may need to use a different activation key and/or install from monitor mode or Boothelper to restore the unit if this happens.
To view your current activation key, enter the following command:
show activation-key
Example 11-1, Example 11-2, and Example 11-3 show the output from this command under different circumstances.
Example 11-1 Show activation-key—Flash Key and Image Same as Running
pixfirewall(config)# show activation-key
Serial Number: 12345678 (0xbc614e)
Running activation key: 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
The flash activation key is the SAME as the running key.
Example 11-2 Show activation-key—Flash Key Differs from Running Key
pixfirewall(config)# show activation-key
Serial Number: 12345678 (0xbc614e)
Running activation key: 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Flash activation key: 0xyadayada 0xyadayada 0xyadayada 0xyadayada
Licensed Features:
Failover: yada
VPN-DES: yada
VPN-3DES: yada
Maximum Interfaces: yada
Cut-through Proxy: yada
Guards: yada
Websense: yada
Throughput: yada
ISAKMP peers: yada
The flash activation key is DIFFERENT than the running key.
The flash activation key takes effect after the next reload.
Example 11-3 Show activation-key—Flash Image Differs from Running Image
pixfirewall(config)# show activation-key
Serial Number: 12345678 (0xbc614e)
Running activation key: 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
The flash image is DIFFERENT than the running image.
The two images must be the same in order to examine the flash activation key.
pixfirewall(config)#
Retour vers Configuration matériel réseau
Utilisateur(s) parcourant actuellement ce forum : Aucun utilisateur inscrit et 1 invité
