Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
2
Replies

ASA failover after upgrading one license key

Go to solution
wasahongNYC
Level 1
Level 1

‎07-12-2013 06:41 AM - edited ‎03-11-2019 07:11 PM

hi

I have 2 ASA 8.2(5) firewalls for failover.

ASA 1 for active and ASA 2 for standby.

and,

in order to get ssh AES function I upgraded ASA 1 license key.

but the failover is off since now the software between 2 firewalls is not the same.

(after that I configure some thing new on ASA 1 as well)

I want to upgrade the license key for ASA 2.

so that the failover can work again.

do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?

(in case the ASA 2 becomes active and replicates its configuration to ASA 1)

or should I configure "no failover active" on ASA 2 to avoid it to be active role?

I am new on this issue.

so please do me a favor.

Thank you very much,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-12-2013 11:16 AM

Hi.

do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?

(in case the ASA 2 becomes active and replicates its configuration to ASA 1)

or should I configure "no failover active" on ASA 2 to avoid it to be active role?

No need to remove the configuration, just do no failover and then failover.

NOTE: Starting on 8.3.1 and higher versions you do not need to have the same licenses on both boxes, so this issue will never happen again.

Example: You upgrade the license on the primary unit... Then the new license will be shared between both units.

And the cool thing is that: If you have one license on the primary for 10 SSL users and on the secondary for 2 SSL users then they will merged as a license for  12 SSL users on the primary unit.

When failover happens the new primary will use the 12 SSL user license.

Cool stuff right

For Networking Posts check my blog at http://laguiadelnetworking.com/


Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-12-2013 11:16 AM

Hi.

do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?

(in case the ASA 2 becomes active and replicates its configuration to ASA 1)

or should I configure "no failover active" on ASA 2 to avoid it to be active role?

No need to remove the configuration, just do no failover and then failover.

NOTE: Starting on 8.3.1 and higher versions you do not need to have the same licenses on both boxes, so this issue will never happen again.

Example: You upgrade the license on the primary unit... Then the new license will be shared between both units.

And the cool thing is that: If you have one license on the primary for 10 SSL users and on the secondary for 2 SSL users then they will merged as a license for  12 SSL users on the primary unit.

When failover happens the new primary will use the 12 SSL user license.

Cool stuff right

For Networking Posts check my blog at http://laguiadelnetworking.com/


Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
wasahongNYC
Level 1
Level 1
In response to Julio Carvajal

‎07-12-2013 04:42 PM

thank you so much for the answer.

I will configure it and ask again if there is another issue.

thanks,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card