[fw-wiz] PIX software release 5.2

Jian Zhen jlz@synlab.com
Tue, 19 Sep 2000 18:08:32 -0700

PIX 5.2.1 has a huge SSH bug in that if you are using failover, it will
erase the ssh key on the secondary. eventually if the pix fails over and
the new active (was secondary) syncs the new standby (was primary), it 
will erase the primary's ssh key also.

so careful when u use 5.2.1

Carson Gaspar (carson@tla.org) [000919 17:43]:
> --On Monday, September 18, 2000 10:54 AM -0500 shewitt@cdw.com wrote:
> > Anybody have any good / bad experiences with PIX 5.2(1)?
> It's working fine for me, so far. But it's a very small install, and we 
> don't use WebSense. 5.2(1) adds SSH support (finally!), so that's a good 
> reson to upgrade. Of course, you have to have a VPN license to use it 
> (wonderful Cisco...). You can get a free 56-bit DES VPN license from Cisco, 
> but have to pay for the 3-DES license. Oh, and you can only install the new 
> license by re-loading the firmare on the PIX. Oh, and SSH-DES doesn't work 
> with Tatu's unix SSH-1 client (it does with SecureCRT, so I suspect the 
> unix code to be at fault, but...). And OpenSSH doesn't support DES.
> But I'm not bitter. Really! :)
> -- 
> Carson Gaspar -- carson@tla.org
> Queen Trapped in a Butch Body
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards@nfr.net
> http://www.nfr.net/mailman/listinfo/firewall-wizards

Jian L. Zhen