ASA failover help

Unanswered Question
Jun 3rd, 2008
User Badges:

Dear all


i have 2 ASAs 5520 , they have VPN plus license . i tried to configure them to support failover feature for the customer network. But when configuring the secondary unit with the faiover configuration and enable the faiover on it , it prompts me that it cannot take the configuarion from the primary device due to something in the license (webvpn peers).The following is "show version" output from the two devices :


Primary-ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 5 mins 7 secs

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)


Boot microcode : CNlite-MC-Boot-Cisco-1.2


SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03


IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001d.459f.ccc6, irq 9

1: Ext: GigabitEthernet0/1 : address is 001d.459f.ccc7, irq 9

2: Ext: GigabitEthernet0/2 : address is 001d.459f.ccc8, irq 9

3: Ext: GigabitEthernet0/3 : address is 001d.459f.ccc9, irq 9

4: Ext: Management0/0 : address is 001d.459f.ccc5, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:


Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2


This platform has an ASA 5520 VPN Plus license.



Secondary-ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 6 mins 47 secs

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash LHF00L47 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2


SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03


IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001b.d554.6c04, irq 9

1: Ext: GigabitEthernet0/1 : address is 001b.d554.6c05, irq 9

2: Ext: GigabitEthernet0/2 : address is 001b.d554.6c06, irq 9

3: Ext: GigabitEthernet0/3 : address is 001b.d554.6c07, irq 9

4: Ext: Management0/0 : address is 001b.d554.6c03, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq

Licensed features for this platform:


Maximum Physical Interfaces : Unlimited


Maximum VLANs : 150


Inside Hosts : Unlimited


Failover : Active/Active


VPN-DES : Enabled


VPN-3DES-AES : Enabled


Security Contexts : 2


GTP/GPRS : Disabled


VPN Peers : 750


WebVPN Peers : 25


This platform has an ASA 5520 VPN Plus license.


what is the license that i need to enable the failover feature on the above devices???


waiting your replies


regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Tue, 06/03/2008 - 18:22
User Badges:
  • Red, 2250 points or more

Maybe because there is a mismatch in the WebVPN licenses of the two boxes. One has a 25 user license installed, whereas the other has the default free users (two).


Regards


Farrukh

mohamed_makled Tue, 06/03/2008 - 22:14
User Badges:

Dear farrukh


Thanks for your reply , what i can do to solve this issue?


The ASA that has few webvpn peers needs another license or not???


thanks

Farrukh Haroon Tue, 06/03/2008 - 22:56
User Badges:
  • Red, 2250 points or more

I could only locate the following on the Cisco Website:


"Both units have the same hardware, software configuration, and *proper* license."


It would be best to approach your local SE or if you work for a Cisco Partner, the Partner Online pre-sales help Team.


Regards


Farrukh

Actions

This Discussion