Upgrade the Activation Key

You might need to upgrade the activation key on your PIX for one of these reasons:

  • Your PIX does not currently have VPN-DES or VPN-3DES encryption enabled.

    Note: VPN-DES encryption must be enabled for you to manage your PIX with the use of PDM. Registered users can obtain a free 56-bit VPN-DES activation key when they complete the PIX 56-bit License Upgrade Key form. VPN-3DES activation keys must be purchased through your local reseller or Cisco sales representative.

  • Your PIX currently does not have failover activated.

  • You upgrade from a connection-based license to a feature-based license.

If you fall into one of these categories and have obtained a new activation key for your PIX, the next step is to connect to your PIX, issue the show version command, and save the output to a text file. The output of the show version command contains your existing version, serial number, and activation key. You need this information if there are any problems with the upgrade of your activation key.

The PIX activation key is based on the serial number of the PIX and is therefore unique for each PIX. The activation key tells the PIX what features it is licensed for. The serial number of your PIX is saved in Flash. If you replace the Flash card in your PIX, then your PIX contains a new serial number (different from the number shown on the sticker on the outside of the box). Always use the serial number displayed in the output of the show version command.

Note: Enter Activation Keys manually. Cut and paste can introduce errors that cause the Activation Keys to fail.

Note: For 9-digit serial numbers that start with either 4 or 8, add two more of the leading digit in order to make them 11-digit numbers. For example, the number 4xxxxxxxx appears as 444xxxxxxxx in the Activation Key. Likewise, numbers that start with an 8 require that you add two additional 8's.

PIX Devices that Run Versions 6.1 and Earlier

If your PIX currently runs versions 6.1 or earlier, follow the instructions in Upgrade the PIX Firewall from Boothelper or Monitor Mode. Step 10 is where you are prompted to enter a new activation key.

PIX Devices that Run Versions 6.2 and 6.3

If your PIX currently runs versions 6.2 or 6.3, use the activation-key command in order to change your activation key. Refer to the PIX Command Reference for more information.

Example: Upgrade the Activation Key on a PIX that Runs Versions 6.2 or 6.3

pixfirewall(config)# activation-key 54bf4b80 b7237e20 05022c63 f09e3302
Updating flash...Done.

Serial Number: 480490644 (0x1ca3b494)
Flash Activation Key: 0x54bf4b80 0xb7237e20 0x05022c63 0xf09e3302

Licensed Features:
Failover: Enabled
VPN-DES:Enabled
VPN-3DES: Enabled
Maximum Interfaces: 10
Cut-through Proxy:Enabled
Guards: Enabled
URL-filtering:Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers:Unlimited

The flash activation key has been modified.
The flash activation key is now DIFFERENT from the running key.
The flash activation key will be used when the unit is reloaded.
pixfirewall(config)#
pixfirewall(config)#reload
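Because the key is typed by hand, it helps to check the saved output before the reload. The following Python sketch is an added example, not Cisco code: it parses output in the format shown above, applies the serial-number padding rule from the note, and compares a hand-typed key with the flash key the PIX reports. The function names are hypothetical, and the feature values it recognizes (Enabled, Disabled, Unlimited, or a number) are an assumption based on the sample.

```python
import re

# Output lines copied from the example session on this page.
SAMPLE = """\
Serial Number: 480490644 (0x1ca3b494)
Flash Activation Key: 0x54bf4b80 0xb7237e20 0x05022c63 0xf09e3302
Licensed Features:
Failover: Enabled
VPN-DES:Enabled
VPN-3DES: Enabled
Maximum Interfaces: 10
"""

def pad_serial(serial):
    """Page rule: a 9-digit serial starting with 4 or 8 gets two more
    copies of its leading digit, which makes it 11 digits long."""
    if len(serial) == 9 and serial[0] in "48":
        return serial[0] * 2 + serial
    return serial

def parse_output(text):
    """Extract the serial number, flash key and licensed features."""
    m = re.search(r"Serial Number:\s*(\d+)\s*\(0x([0-9a-fA-F]+)\)", text)
    if not m:
        raise ValueError("no serial number line found")
    # The decimal and hex forms must agree; a mismatch means a damaged capture.
    if int(m.group(1)) != int(m.group(2), 16):
        raise ValueError("decimal and hex serial numbers disagree")
    k = re.search(r"Flash Activation Key:((?:\s*0x[0-9a-fA-F]{8}){4})", text)
    if not k:
        raise ValueError("no flash activation key line found")
    features = dict(re.findall(
        r"^([A-Za-z][\w -]*?):[ \t]*(Enabled|Disabled|Unlimited|\d+)[ \t]*$",
        text, re.M))
    return {
        "serial": m.group(1),
        "padded_serial": pad_serial(m.group(1)),
        "flash_key": [w[2:].lower() for w in k.group(1).split()],
        "features": features,
    }

def key_matches(typed, flash_key):
    """Compare a hand-typed key (with or without 0x prefixes) to the flash key."""
    words = [re.sub(r"^0x", "", w.lower()) for w in typed.split()]
    return words == flash_key
```
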

