Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA Primary / Secondary ( Active / Failover ) part number required


I have Cisco ASA 5520 with VPN Plus license. I have to procure second unit and run it as Failover / Secondary unit.

what ASA part number should I buy so that I may have active / failover functionality with my above existing unit.

should i consider "ASA5520-BUN-K9" ?


Hi Zeshan,Answer for your

Hi Zeshan,

Answer for your question.

Q. Do I need to buy the same licenses for the secondary unit in a failover pair?

A. No. Starting with Version 8.3(1), you do not have to have matching licenses on both units. Typically, you buy a license only for the primary unit; the secondary unit inherits the primary license when it becomes active. In the case where you also have a separate license on the secondary unit (for example, if you purchased matching licenses for pre-8.3 software), the licenses are combined into a running failover cluster license, up to the model limits.


Encryption license—Both units must have the same encryption license.




Community Member

Hi Karthik,Thanks for your

Hi Karthik,

Thanks for your reply.

so it means that if i purchase "ASA5520-BUN-K9" with VPN plus license then i would be able to run my ASAs as primary / Secondary ( Active / Failovers ) units. I am talking about pre-8.3 software version. My ASA Software version is 7.2 and i also want to keep it same on new ASA unit because i am not comfortable with 8.3 or higher.

if above understanding is not correct then please let me know the model/part number details that i need to buy for my secondary ASA to run in active / failover senario.


HI Zeshan,Yeah. Your

HI Zeshan,

Yeah. Your understanding is correct... But as Marvin commented, that is an EOL/EOS announced model, you might not get the required new one via authorized channels.....

Pre-8.3 version - You should have the exact matching features/license on both devices....




Community Member

Thanks Karthik for

Thanks Karthik for explanation.

Hall of Fame Super Silver

Karthik is correct in general

Karthik is correct in general.

However, the ASA 5520 is end of sales since Fall 2013. You will not be able to buy a new one via authorized Cisco channels.

CreatePlease to create content