VPN Licensing in Active/Standby

Unanswered Question
Mar 26th, 2009
User Badges:

We have two 5520s in active/standby configuration. Do I need to buy VPN licenses for both devices or just the active and they will tranfer to the standby in case of failover?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Sun, 03/29/2009 - 12:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mark


I am not clear whether you are talking about licensing for IPSec VPN or for SSL VPN. Since the licensing for IPSec is quite straightforward I will assume that you are talking about licensing for SSL VPN. In the current version of software you need to purchase licensing for both 5520s since there is no license transfer capability in current software.


Cisco has introduced flex licensing for SSL VPN and from what I understand of it, you purchase the flex licenses to obtain extra capacity (or perhaps to accomodate failover) and they are much less expensive than the normal licenses. Most of the time the flex licenses are not used and nothing happens with them. When you need them, you activate them and when you no longer need them you stop the activation. They track the number of days that they are activated and are good for only a specific number of days. When the number of days of activation is exceeded the licenses expire and you need to purchase more licenses.


I have heard that in a future release of code for the ASA there will be support for sharing licenses between ASAs. I do not know details of it, but I believe that this is the solution that you (and I) really want to deal with failover situations.


HTH


Rick

Actions

This Discussion