ASA failover help

mohamed_makled · ‎06-03-2008

Dear all

i have 2 ASAs 5520 , they have VPN plus license . i tried to configure them to support failover feature for the customer network. But when configuring the secondary unit with the faiover configuration and enable the faiover on it , it prompts me that it cannot take the configuarion from the primary device due to something in the license (webvpn peers).The following is "show version" output from the two devices :

Primary-ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 5 mins 7 secs

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001d.459f.ccc6, irq 9

1: Ext: GigabitEthernet0/1 : address is 001d.459f.ccc7, irq 9

2: Ext: GigabitEthernet0/2 : address is 001d.459f.ccc8, irq 9

3: Ext: GigabitEthernet0/3 : address is 001d.459f.ccc9, irq 9

4: Ext: Management0/0 : address is 001d.459f.ccc5, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2

This platform has an ASA 5520 VPN Plus license.

Secondary-ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 6 mins 47 secs

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash LHF00L47 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001b.d554.6c04, irq 9

1: Ext: GigabitEthernet0/1 : address is 001b.d554.6c05, irq 9

2: Ext: GigabitEthernet0/2 : address is 001b.d554.6c06, irq 9

3: Ext: GigabitEthernet0/3 : address is 001b.d554.6c07, irq 9

4: Ext: Management0/0 : address is 001b.d554.6c03, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 25

This platform has an ASA 5520 VPN Plus license.

what is the license that i need to enable the failover feature on the above devices???

waiting your replies

regards

Farrukh Haroon · ‎06-03-2008

Maybe because there is a mismatch in the WebVPN licenses of the two boxes. One has a 25 user license installed, whereas the other has the default free users (two).

Regards

Farrukh

mohamed_makled · ‎06-03-2008

Dear farrukh

Thanks for your reply , what i can do to solve this issue?

The ASA that has few webvpn peers needs another license or not???

thanks

Farrukh Haroon · ‎06-03-2008

I could only locate the following on the Cisco Website:

"Both units have the same hardware, software configuration, and *proper* license."

It would be best to approach your local SE or if you work for a Cisco Partner, the Partner Online pre-sales help Team.

Regards

Farrukh