Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 5520 Failover Unit Anyconnect Licenses

So i setup a failover active / passive with 2 ASA5520's

Primary asa has 750 Anyconnect vpn licensing and the secondary asa has 2 Anyconnect licenses     

I haven't setup the second asa with the new 750 licenses i purchased but when i do a show version it shows

that the failover licensed features shows 750...

Does this mean i do not have to install the secondary anyconnect licenses on the standby ASA unit?

output of secondary asa

:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 27             perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 4              perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

1 ACCEPTED SOLUTION

Accepted Solutions

Cisco ASA 5520 Failover Unit Anyconnect Licenses

Hello,

here is what you are looking for:

Failover Licenses (8.3(1) and Later)

In Version 8.3(1) and later, failover units do not require the same  license on each unit. For earlier versions, see the licensing document  for your version.

Failover License Requirements

Failover units do not require the same license on each unit.

Older versions of adaptive security appliance software required that the  licenses match on each unit. Starting with Version 8.3(1), you no  longer need to install identical licenses. Typically, you buy a license  only for the primary unit; for Active/Standby failover, the secondary  unit inherits the primary license when it becomes active. If you have  licenses on both units, they combine into a single running failover  cluster license.

For  the ASA 5505 and 5510 adaptive security appliances, both units require  the Security Plus license; the Base license does not support failover,  so you cannot enable failover on a standby unit that only has the Base  license.

Here is the link if you need more info:

http://tools.cisco.com/squish/a3512

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
2 REPLIES

Cisco ASA 5520 Failover Unit Anyconnect Licenses

Hello,

here is what you are looking for:

Failover Licenses (8.3(1) and Later)

In Version 8.3(1) and later, failover units do not require the same  license on each unit. For earlier versions, see the licensing document  for your version.

Failover License Requirements

Failover units do not require the same license on each unit.

Older versions of adaptive security appliance software required that the  licenses match on each unit. Starting with Version 8.3(1), you no  longer need to install identical licenses. Typically, you buy a license  only for the primary unit; for Active/Standby failover, the secondary  unit inherits the primary license when it becomes active. If you have  licenses on both units, they combine into a single running failover  cluster license.

For  the ASA 5505 and 5510 adaptive security appliances, both units require  the Security Plus license; the Base license does not support failover,  so you cannot enable failover on a standby unit that only has the Base  license.

Here is the link if you need more info:

http://tools.cisco.com/squish/a3512

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Hello.Lets say that I install

Hello.

Lets say that I install ac-essential on active ASA and that the active ASA has an hardware problem and is shut down. Now I have the secondary ASA as the active and only working firewall. What happens if I need to reboot the secondary ASA? When it comes up, does it still have all licensing inherited initially from active ASA?

Regards,

Joao

 

6258
Views
0
Helpful
2
Replies