Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member


I have a SSL-VPN licensed ASA and an Un-licensed one that I am trying to set as failover. How can I UN-license the primary from ssl vpn. It will not replicate the config unless I do


Re: ASA SSL VPN License

If I am not wrong, no option is available to UN-license or remove the SSl-VPN License. You need to get/upgrade to have similar feature.

But as specified in doc, you should have identical model & features/license in order to achieve/have failover.

*Check the Active/Standby & Active/Active requirements for PIX and ASA:

"..Both units have the same hardware, software configuration, and proper license."

Hope this helps. Pls rate all useful post(s).


New Member

Re: ASA SSL VPN License

I have just addes a 10 user SSL license to my failover pair (active/standby) of ASA's and have also lost failover, according to cisco logic you have to purchse 20 user licence's in order to only be able to use 10 concurrently in a failover pair.....

And if you apply the new key you cannot remove it, so you are forced to buy another 10 licenses, becuse your failover is gone...

Needless to say I am LIVVIDD

Re: ASA SSL VPN License


It depends whether you bought the SSL-VPN license after buying the ASA or not. If you bought the license after the original purchase you should be able to simply re-apply the original activation key, which will restore the original features.

However, if you bought the license with the ASA (i.e. it's the only activation key you have) then you should try contacting Cisco. They could split your activation key into two new ones (a basic one and a SSL upgrade one) then you could apply just the basic one and still have the option of upgrading at a later date.

This is just a suggestion - I don't know whether Cisco would do this but as the keys are not transferable (they'll only work on the original box) I don't see why they wouldn't.



CreatePlease to create content