apobull
join:2001-05-03
Manchester, MD
edit:
March 13th, @08:27AM
| Memory Upgrade Question for PIX 515E
I've been working with Cisco on a high memory usage issue involving our PIX 515E with 64 MB of RAM and the 8.X IOS. The engineer working the case came back to me recently to note a bug with the exact configuration we are running under. The workarounds are upgrading to 128 MB of RAM or downgrading the IOS to 7.X.
After doing some searching and seeing that a memory upgrade would be a few hundred dollars or so at the most, management gave the OK to get the upgrade. However, after digging further, I discovered we had a restricted license, which seems to restrict the device to 64 MB of RAM. Can someone confirm whether that is the case or not? If so, can someone then note the differences b/t a restricted / unrestricted license and what the approximate cost might be to convert to an unrestricted license.
I rather not downgrade the IOS but if it's necessary to upgrade the license at a significant cost along with the memory upgrade, I might not have much time in the short to mid-term
TIA |
|
aryoba
Premium,MVM
join:2002-08-22
edit:
March 13th, @09:28AM
| 1st of all you should not yet use PIX OS 8.X image since it is not yet stable. You should just use latest 7.2.x OS image.
Another issue is (as you already know) DRAM size. I believe you should have at least 128MB DRAM size to run OS 7.X or later.
Back to your question, frankly I never heard that PIX with restricted license is incapable of having 128MB DRAM size. Following link shows you the DRAM size requirement and the suggestion for PIX Firewall to run OS 7.0 or later.
PIX 500 Security Appliance 6.x to 7.x Software Upgrade Procedure
Either case, keep in mind that PIX Firewall is already EOS. Therefore upgrading DRAM size may not be the best decision anyway. You may want to consider to upgrade to ASA 5510 that by default come with OS 7.0 or later and has 128MB DRAM size. |
|
apobull
join:2001-05-03
Manchester, MD
| said by aryoba  :1st of all you should not yet use PIX OS 8.X image since it is not yet stable. You should just use latest 7.2.x OS image. Another issue is (as you already know) DRAM size. I believe you should have at least 128MB DRAM size to run OS 7.X or later. Back to your question, frankly I never heard that PIX with restricted license is incapable of having 128MB DRAM size. Following link shows you the DRAM size requirement and the suggestion for PIX Firewall to run OS 7.0 or later. PIX 500 Security Appliance 6.x to 7.x Software Upgrade ProcedureEither case, keep in mind that PIX Firewall is already EOS. Therefore upgrading DRAM size may not be the best decision anyway. You may want to consider to upgrade to ASA 5510 that by default come with OS 7.0 or later and has 128MB DRAM size. Thanks for the info. I have a ? into the engineer so will see what is stated there regarding the memory restrictions. We'll be budgeting $$$ for new firewalls but for now am stuck with the 515E. |
|
bky
Premium
join:2002-07-05
Austin, TX
 ·AT&T U-Verse
| reply to apobull
If you are stuck with that pix, you can run 7.x on it with only 64MB just fine. Since you're running 8.0 right now, I'm sure that you're aware there's no room for the asdm image in the flash. If you go the route of trying to upgrade memory, you're probably better off just going to an ASA. |
|
apobull
join:2001-05-03
Manchester, MD
| said by bky :If you are stuck with that pix, you can run 7.x on it with only 64MB just fine. Since you're running 8.0 right now, I'm sure that you're aware there's no room for the asdm image in the flash. If you go the route of trying to upgrade memory, you're probably better off just going to an ASA. I am stuck with this PIX until at least until the late summer / early fall. I really don't want to have to deal with a downgrade of the IOS in the interim if I can avoid it -- thus why the memory upgrade would be preferable. Once more funding becomes available, I will definitely keep the ASA in mind.
Regarding the ASDM image, I was able to get it installed in flash w/out a problem. |
|
MSN
join:2004-05-15
Osgoode, ON
edit:
March 14th, @10:02PM
| said by apobull :said by bky :If you are stuck with that pix, you can run 7.x on it with only 64MB just fine. Since you're running 8.0 right now, I'm sure that you're aware there's no room for the asdm image in the flash. If you go the route of trying to upgrade memory, you're probably better off just going to an ASA. I am stuck with this PIX until at least until the late summer / early fall. I really don't want to have to deal with a downgrade of the IOS in the interim if I can avoid it -- thus why the memory upgrade would be preferable. Once more funding becomes available, I will definitely keep the ASA in mind. Regarding the ASDM image, I was able to get it installed in flash w/out a problem. With regards to the memory, your engineer was exactly right, the restricted (R) license allows access to 1/2 the memory of the unrestricted (UR) license. With the 6.x and 7.0(x) code this meant 64 MB for the (R) license and 128 MB for the (UR) license. As of the 7.1(x) code base (and higher) Cisco started shipping the 515E with 128 MB of RAM for use with the (R) license and 256 MB of RAM with the (UR) license. Interestingly, even if you have extra RAM in your device, the (R) license will only allow you to use that which is licensed...bummer!
Is the 8.x code unstable? Not really. Cisco is shipping 8.0(3) code with new ASAs...so I doubt that it's unstable. Cisco has too much to lose otherwise. That said, for a short time Cisco was *recommending* the use of 7.2(x) code [latest = 7.2(3)) instead of 8.0(x)] unless the customer had a compelling reason to use the SSL VPN features of the 8.x code base.
On another note, the 6.3(x) ASDM and the 8.0(x) OS fit into the 16MB of flash with almost 2 MB to spare on the PIX since the OS image is significantly smaller than the equivalent version of ASA code, mostly because of its lack of SSL (eg: WebVPN and AnyConnect, etc.) features.
/Eric |
|
legacyb4
join:2008-05-14
Burnaby, BC
| reply to bky
I'm in a similar boat with a Pix 515E/6.3(5) with 32MB RAM. I'm on an unrestricted license though and I've been following a few threads on other forums that upgrades to 128MB or even 256MB can be had with using 3rd party, 168-pin SDRAM.
I've got a pair of 2x64s and a pair of 2x128s that I'm going to try out today after scheduling a 30 minute downtime window.
The question is, will 6.3(5) show me that I have the memory installed? Not so worried if it's actually usable as I'm planning to upgrade to 7.x shortly as well.
What I really want to know too is whether 7.x supports the built-in VPN clients for OS X 10.5 (release notes say they've now dropped PPTP support altogether. |
|
legacyb4
join:2008-05-14
Burnaby, BC
| Sweet, just did the upgrade (10 minutes downtime) and everything is back online. 6.3(5) now shows me total memory of 128MB with approximately 58MB in use (versus around 22MB on the 32MB system).
said by legacyb4 :I've got a pair of 2x64s and a pair of 2x128s that I'm going to try out today after scheduling a 30 minute downtime window. The question is, will 6.3(5) show me that I have the memory installed? Not so worried if it's actually usable as I'm planning to upgrade to 7.x shortly as well. |
|
