Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
0
Helpful
3
Replies

Cisco ASA5510-SSL250-K9 (ASA 5510 VPN Edition w/ 250 SSL User License, 3DES/AES)

Go to solution
net buzz
Level 1
Level 1

‎10-25-2012 04:15 AM - edited ‎03-11-2019 05:13 PM

Hi!

A Cisco ASA5510-SSL250-K9 (ASA 5510 VPN Edition w/ 250 SSL User License, 3DES/AES) can be used for up to 250 IPSec or SSL VPN connections.

Please clarify if this version has Active/Active or Active/Standby features.

If two ASA boxes are to be deployed in HA mode whether Active/Active or Active/Standby, must both boxes be purchased with the same license or can we have one with an unrestricted license and the second one with a failover license only? (This was the case for PIX firewalls).

Regards,

Alvin

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to net buzz

‎10-26-2012 02:21 AM

Yes, you are correct.

For ASA5510-SEC-BUN-K9, you can purchase extra SSL VPN license for 250 users, that will includes 250 SSL VPN as well.

For ASA5510-SSL250-K9, you can purchase extra Security Plus license, and that will include the 2 Gigabit interface, and failover capabilities.

So you can purchase either of the above, and purchase the relevant license in addition.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-25-2012 06:02 AM

ASA5510-SSL250-K9 can be used for 250 IPSec VPN and 250 SSL VPN. It comes by default with 250 IPsec VPN, and the "SSL250" is for 250 SSL VPN license.

You would need to have Security Plus license to run the ASA in failover mode (both Active/Standby and Active/Active).

No, ASA doesn't have Failover only license like PIX has.

You would need to have both running Security Plus license.

However, the rest of the license doesn't need to match up if you are running ASA version 8.3 or higher. For example: You can purchase the 250 SSL VPN license on 1 ASA, and the other ASA doesn't need to have the same license.

Here is more information on failover licensing for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/intro_license.html#wpxref93942

However, if you are running version 8.2 or lower, you would need to have exactly the same license on both ASA in failover pair.

0 Helpful

Go to solution
net buzz
Level 1
Level 1
In response to Jennifer Halim

‎10-26-2012 12:24 AM

Dear Jennifer,

Thank you for the info.

But I would like to clear out an issue.

An ASA with the part number ASA5510-SEC-BUN-K9 is defined as a Cisco ASA 5510 Security Plus Firewall Edition  includes 2 Gigabit Ethernet + 3 Fast Ethernet interfaces, 250 IPsec VPN  peers, 2 Premium VPN peers, Active/Standby high availability, 3DES/AES  license.

It offers only 2 SSL VPN licenses and does Active/Standby.

An ASA with the part number ASA5510-SSL250-K9 is defined as a Cisco ASA 5510 SSL/IPsec VPN Edition includes 250  IPsec VPN peers, 250 Premium VPN peers, firewall services, 3 Fast  Ethernet interfaces.

It offers 250 SSL VPN licenses.

My questions are:

  • Will this model also offer 2 Gigabit interfaces?
  • What combination is required to have an ASA 5510 with 250 SSL VPN licenses and have Active/Standy or Active/Active abilities?
0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to net buzz

‎10-26-2012 02:21 AM

Yes, you are correct.

For ASA5510-SEC-BUN-K9, you can purchase extra SSL VPN license for 250 users, that will includes 250 SSL VPN as well.

For ASA5510-SSL250-K9, you can purchase extra Security Plus license, and that will include the 2 Gigabit interface, and failover capabilities.

So you can purchase either of the above, and purchase the relevant license in addition.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card