SSL license upgrade for failover ASA

Unanswered Question
Jun 7th, 2010
User Badges:

In order to upgrade the standard 2 user SSL license to 50, do I have to purchase an SSL license for both the active and failover ASA, essentially doubling my cost? I bought one license and loaded it into the active unit and obviously now it wont go into failover mode because the 2 units dont match now. If you have to purchase a license for both, that certainly makes it rediculously expensive to upgrade any license in a failover.

Thanks,

Greg M

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
JORGE RODRIGUEZ Mon, 06/07/2010 - 13:47
User Badges:
  • Green, 3000 points or more

Gregory,


As far as I know you do  need to license both ,  PAK issues  activation  key  per firewall serial number...  Im not aware of any other way around it .


You can always write [email protected] directly and see if there is a way around it.

Although it is not recommended in failover deployment there is  VPN Flex licensing , where you may use temp license in the standby  when becomes active . it sounds  tedious  to keep track of timed base licenses but it may help if money  is an object in purchasing additional 50 SSL lic for the standby . Im not ware of the cost difererces when using flex license compared with permanent lic.

Some basic details here .

http://www.cisco.com/en/US/partner/docs/security/asa/asa80/license/license80.html#wp92932


Regards

Todd Pula Mon, 06/07/2010 - 13:55
User Badges:
  • Silver, 250 points or more

Prior to the release of 8.3 code, the failover feature looked at the member ASAs to ensure that the licensing matched.  With 8.3, only one unit needs a valid license.  If one ASA has a 50 user persistent license and then other has the default of 2 users, the total that the HA pair could support is 52.  Remember that in order to upgrade to 8.3, each platform has strict memory requirements many of which will require a memory upgrade.


http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/ha_overview.html#wp1092030


http://www.cisco.com/en/US/partner/docs/security/asa/asa83/release/notes/asarn83.html#wp37821

JORGE RODRIGUEZ Mon, 06/07/2010 - 14:04
User Badges:
  • Green, 3000 points or more

Topula, indeed excellent info !  I think this is something folks were looking for  prior 8.3 .

Actions

This Discussion