SSL VPN and Failover

Answered Question
Jun 16th, 2010
User Badges:

Hi,


I have a question about Shared License (VPN).

We have two firewalls with Security Plus license. We want to use Shared License but it is not working in active/active failover. I have configured the failover to be active/standby but it still Failover active/active in the license view.

How can I change Failover active/active to be active/standby??

If I break the failover, can I then use the Shared License? We need to use more then two SSL VPN user at the same time.



Best Regards


Magnus Gustafsson


Pulsen Production AB

Correct Answer by edadios about 6 years 9 months ago

Please refer to the following documentation :


http://www.cisco.com/en/US/customer/docs/security/asa/asa82/configuration/guide/license.html#wp1322250


######

Information About the Shared Licensing Server and Participants

The following steps describe how shared licenses operate:

1. Decide which adaptive security appliance should be the shared licensing server, and purchase the shared licensing server license using that device serial number.

######


Not sure if you still want to change failover mode.




If you do, the best way will possibly be to make the primary unit the active device for all the context failover group. Clear the config on the secondary unit, reload it, and reconfigure the primary for active standby failover as documented here :


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1064158


Once the failover configuration is completed on the primary unit, configure the secondary unit for minimum failover configuration needed, as mentioned on same document above, and the config should synch from primary to standby.


Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
edadios Wed, 06/16/2010 - 22:29
User Badges:
  • Silver, 250 points or more

Please refer to the following documentation :


http://www.cisco.com/en/US/customer/docs/security/asa/asa82/configuration/guide/license.html#wp1322250


######

Information About the Shared Licensing Server and Participants

The following steps describe how shared licenses operate:

1. Decide which adaptive security appliance should be the shared licensing server, and purchase the shared licensing server license using that device serial number.

######


Not sure if you still want to change failover mode.




If you do, the best way will possibly be to make the primary unit the active device for all the context failover group. Clear the config on the secondary unit, reload it, and reconfigure the primary for active standby failover as documented here :


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1064158


Once the failover configuration is completed on the primary unit, configure the secondary unit for minimum failover configuration needed, as mentioned on same document above, and the config should synch from primary to standby.


Regards,

Actions

This Discussion