Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510 License problem (Urgent)

I have two ASA 5510 boxes. Earlier one box was having the security plus license with the follwoing options.

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 2        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2       

This platform has an ASA 5510 Security Plus license.

To make the failover setup I ordered one more license for the second firewall. 

ASA5510-SEC-PL

ASA 5510 Security Plus License w/ HA, GE, more VLANs + conns

After upgrading the key. Now I am getting following options in the 2nd firewall. and because of this I am not able to make failover because of the following error.

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 2        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 50       
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2       

This platform has an ASA 5510 Security Plus license.

Please let me know how to proceed on this. How to get the license with 2 webVPN peers to make the failover. I am in big problem now. If i hav ordered wrong license what will the case now.

Please help me out and let me know either this is possible to get the new key with the 2 WebVPN peer. Because my current firewall is having 2 WebVPN peer support.

Urgent help is require.

Mate's license (50 WebVPN Peers) is not compatible with my license (2 WebVPN Peers).

Failover will be disabled.

1 REPLY
Cisco Employee

Re: ASA 5510 License problem (Urgent)

If you would like the failover to work, temporarily you would need to downgrade the webvpn license from 50 user license back to

the default of 2 user license. You would need to send an email to licensing@cisco.com requesting the same. I would suggest that you send them the output of show version from the ASA that you would like to downgrade the 50 users to default 2 users license and explaining that you would like to get the activation key. It's a good idea to keep the current activation key with the 50 user license webvpn.

FYI - for failover to work, both ASA needs to have exactly the same hardware, software and license. If 1 ASA has 50 webvpn user license, the other ASA also needs to have 50 webvpn user license.

This is true for ASA version 8.2 and below. For ASA version 8.3 and above, you do not need to have the same license for failover to work, however, please check the release notes for what have changed in ASA v8.3 as there are major NAT change and some ACL change as off version 8.3 that you might want to study first before upgrading it to 8.3.

Hope that helps.

1379
Views
0
Helpful
1
Replies
CreatePlease to create content