Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

CISCO ASA5520 ACTIVE/STANDBY LICENSE REQUIREMENTS

Hi there

I am struggling to confirm the license requirements for Active/Standby failover on a pair of ASA5520

The devices are currently ruining version 8.4 (1) and have the VPN plus license as below:

 

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license

 

I can see from forums and sites that for the 5505 and 5515 you definitely require the security plus license but can not see a definite answer for the 5520. When I check one of our 5515 devices which has security plus the fail-over feature still shows active/active perpetual

 

Can anyone confirm for me what the 5520 requires?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

The 5520 and higher) models

The 5520 (and higher) models do not require Security Plus for failover capability. That is only required on 5505, 5510, and 5512-X.

Reference 1

Reference 2

4 REPLIES
Hall of Fame Super Silver

The 5520 and higher) models

The 5520 (and higher) models do not require Security Plus for failover capability. That is only required on 5505, 5510, and 5512-X.

Reference 1

Reference 2

Community Member

Marvin, thats great. Thanks

Marvin, thats great. Thanks for the quick response and for confiming that for me. Much appreicated. 

Community Member

HI , But if i have two ASA

HI ,

 

But if i have two ASA 5520 in Active/Standby and i put aditional license on active unit only .

 

L-ASA-SSL-250-500=

ASA 5500 SSL VPN 250 to 500 Premium User Upgrade License

 

The standby unit will automaticly  get licenses from active unit ? or how it goes in Active/Stanby mode ?

 

KR 

VZ

Hall of Fame Super Silver

Starting with Version 8.3(1),

Starting with Version 8.3(1), failover units do not require the same license on each unit. Older versions of ASA software required that the licenses match on each unit. If you have licenses on both units, they combine into a single running failover cluster license.

The primary exception is the Security Plus license that is a prerequisite to enable failover on the low-end models.

The specific license you mention does need the 250 SSL VPN Premium user license to be present first on the unit where it is activated but that's because it is an upgrade license, not having anything to do with failover.

269
Views
0
Helpful
4
Replies
CreatePlease to create content