Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA security context in HA cluster

hi out there

I have a active-active setup with 2 cisco asa 5585x running 8.4 - the boxes ahve each 2 sec context's build-in - which gives 4 sec context in the cluster. I have 2 x 5 extra licenses (2 x ASA5500-SC-5)  which I haven't applied yet - will this give me a total of 10 or 14 security contextes? I am a bit in doubt because if I only get 10 sec contextes in this cluster then could I instead get a single 10 security context license (1 x ASA5500-SC-10) and add this - hereby I would get 12 then.  

best regards /ti               

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA security context in HA cluster

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

7 REPLIES
Cisco Employee

ASA security context in HA cluster

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

New Member

When you apply the 5 extra

When you apply the 5 extra licenses x2, it will give you a total of 10 security context. - What about the 2 built-in security contexts? it should be 12 total contexts right?

New Member

or it should be 14 total

or it should be 14 total contexts?
 

New Member

nope - you have to consider

nope - you have to consider how you upgrade - when you apply a 10 sec license the box has 10 sec contextes - not 12 - so in a HA cluster (with 2 phys boxes)  where you apply this to a single host you have 10+2 not 12+2

if you apply this in another way where you but 2 x 5 upgrades for both boxes then you waste 2 contextes

 

and if you similar apply a 10 sec context to the first box and afterwards a 5 context upgrade to the second box you have 15 and not 17 or 19 sec liceses

 

so - before you start upgrade - conside what you want - if you apply it wrong or buy it wrong you are in trouble ;-)

 

 

New Member

let's say I have 5515-X_1

let's say I have 5515-X_1 without a security context license. And I have another 5515-X_2 with 5 security contexts license. So the total security contexts for ACTIVE/ACTIVE is still 5 total contexts instead of 7. The two built-in security context in 5515-X_1 does not count. Would you know why cisco design this licensing this way?

Hall of Fame Super Silver

It's that way for the reason

It's that way for the reason I noted below - 

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.

Hall of Fame Super Silver

The two "built-in" contexts

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.

1730
Views
0
Helpful
7
Replies
CreatePlease to create content