Hi Vibhor, thanks a lot, thats it!!!

Vibhor,

further to that I have a question if you have a moment please?

i have upgraded 2 x 5510 to the Sec plus license. I have not as yet, enabled active/active. This is because the output from a sh ver shows 0 contexts. The question is, does this output show 0 contexts purely because A/A has not been enabled or because no contexts are available?

I'm a bit concerned about this...

Cheers

Ali

Can you post the output from "sh ver" on both devices.

If you don't have a licence for contexts you should only have an Acitive/Standy failover licence.

Hi Mark, Here's the output. Active/Standby only as you can see

# sh ver

Cisco Adaptive Security Appliance Software Version 7.0(5)

Device Manager Version 5.0(5)

Compiled on Mon 10-Apr-06 14:40 by builders

System image file is "disk0:/asa705-k8.bin"

Config file at boot was "startup-config"

up 3 hours 34 mins

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 0018.195b.e8a0, irq 9

1: Ext: Ethernet0/1 : address is 0018.195b.e8a1, irq 9

2: Ext: Ethernet0/2 : address is 0018.195b.e8a2, irq 9

3: Ext: Ethernet0/3 : address is 0018.195b.e8a3, irq 9

4: Ext: Management0/0 : address is 0018.195b.e89f, irq 11

5: Int: Not licensed : irq 11

6: Int: Not licensed : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : 150

This platform has an ASA 5510 Security Plus license.

Serial Number: xxxxxx

Running Activation Key:xx xxx xxx xx

Configuration register is 0x1

Configuration has not been modified since last system restart.

As things stand, you can only run Active/Standby failover.

However I am a little confused, with your license status, the "sh ver" is reporting Security Plus which according to Cisco supports both Active/Standby and Active/Active

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

However contexts apear to be seperately licensed feature, so if/when you purchase such a license, maybe Active/Active will become available automaticaly. As you can probably tell I have never done that particular upgrade, but you would need the licence on both devices if so.

I was a bit baffled too when I saw the same doc. Also, tech support docs say that A/A is supported with a Sec Plus.

Thanks for the sanity check anyway Mark.

Ali

All I can find on the Cisco site is this

http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802c1d00.html

Which gives the Part for a 5500 5 Context license, the previous link shows you should have 2 contexts with a Security Plus license.

If possible I would raise a TAC case to get this cleared up.. Not at all obvious..

The other thing you could try, is to upgrade to V7.2 software, if you have appropriate support

If get anything from Cisco please post, as I am curious how this works.

Mark,

As you suggested, I upgraded to 7.2.2, using the Sec Plus licenses. This then enabled two contexts, which under 7.0.5 showed none. So happy days!

thanks for the suggestions

Ali